[dns-operations] Reported DNS DDoS in China

Bill Larson wllarso at swcp.com
Tue Sep 26 19:43:54 UTC 2006

 From the SANS mailing list:

Begin forwarded message:

> From: The SANS Institute <NewsBites at sans.org>
> Date: September 26, 2006 11:03:40 AM MDT
> Subject: SANS NewsBites Vol. 8 Num. 76
>  --DNS Attack in China Takes 180,000 Web Sites Offline
> (26 September 2006)
> China's second largest domain name service (DNS) provider, Xinet, was
> hit with an eight-hour denial of service attack that disabled 180,000
> web sites.  Many of the web sites are back on line and Xinet hopes to
> have the rest (primarily smaller sites) back on line by October 7. The
> Shanghai Daily site on which the attack is reported was one of the  
> ones
> that had been disabled.
> http://www.shanghaidaily.com/art/2006/09/22/292743/ 
> Attack_confirmed__big_Websites_back_online.htm

Any knowledge of what occurred?  Something more than what is reported  
in the public press.  The only statement is "It is obviously not a  
simple DDoS attack."

The only domain name specifically identified in this article has just  
two DNS servers operated by Xinnet, both on a single 24 bit CIDR  
subnet.  Xinnet itself lists four servers on one 23-bit CIDR subnet.   
Doesn't this seem unusual, short sighted, for a large provider of DNS  

Bill Larson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060926/9d22dbc8/attachment.html>

More information about the dns-operations mailing list