[dns-operations] DDoS / Feb 6th
ian.meikle at nominet.org.uk
Thu Feb 8 11:36:55 UTC 2007
[Copy of my email to the centr-tech list repeated inline]
dns-operations-bounces at lists.oarci.net wrote on 08/02/2007 10:48:27:
> Short survey... who has been attacked on Feb. 6th?
> I know about:
> -G, L root
> -PL (a-dns.pl)
From a trawl through DNSMON (dnsmon.ripe.net) I suspect the following
servers of being swamped by these DDoS attacks:
no: njet.norid.no, not.norid.no
org: TLD1.ULTRADNS.NET, TLD2.ULTRADNS.NET, tld3.ultradns.org,
tld4.ultradns.org, tld5.ultradns.info, tld6.ultradns.co.uk.
root: g.root-servers.net, l.root-servers.net
Some other servers show evidence of DDoS. There is clear indication that
f.root-servers.net was attacked, but it only affected some instances, for
The last four are our UltraDNS-hosted servers; the same is true for org
and lu. I can't be sure but I suspect the others to be geographically
close to a targeted server. Is this true of the no servers?
My guess is that (some) root servers and one of the UltraDNS TLDs were the
target. As we only saw DDoS on our UltraDNS servers I doubt it was us, and
not all of org was hit. Maybe info?