[dns-operations] DDoS attack data collection
Brian Keefer
chort at smtps.net
Fri Jan 30 08:34:56 UTC 2009
I stopped seeing probes for these IPs January 28th between 5AM and 6AM
US/Pacific time:
204.11.51.59
204.11.51.60
204.11.51.61
206.71.158.30
208.37.177.61
208.37.177.62
208.78.169.234
208.78.169.235
208.78.169.236
Up until that time, I had been seeing 2-3 of those IPs per hour (never
more than 3 in a single hour, which is interesting) making queries
for ./IN/NS . They have been silent ever since the 28th.
--
bk
On Jan 29, 2009, at 6:50 AM, Brian Keefer wrote:
> There are 3 more IPs that started between 2AM and 3AM Pacific:
> 72.249.127.168
> 69.64.87.156
> 72.20.3.82
>
> --
> bk
>
>
>
> On Jan 28, 2009, at 8:52 AM, Duane Wessels wrote:
>
>>
>>
>> On Wed, 28 Jan 2009, Brian Keefer wrote:
>>
>>> There are two new IPs as of this morning between 3AM and 4AM
>>> Pacific:
>>> 70.86.80.98
>>> 64.57.246.123
>>
>> Thanks. I've updated the script on our web site as well.
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list