[dns-operations] DDoS attack data collection

bert hubert bert.hubert at netherlabs.nl
Sat Jan 31 09:32:19 UTC 2009


On Fri, Jan 30, 2009 at 11:28:44PM -0800, Brian Keefer wrote:
> BTW they're getting smarter.
> Jan 30 19:25:02 imhotep named[32762]: client 208.76.253.253#53: view  
> ext: query
> (cache) './NS/IN' denied

I've seen this starting today:

09:53:39 Not authoritative for 'jalbmlaaaafwx0000dfaaabaaaabdcen', sending servfail to 70.86.80.98
09:55:43 Not authoritative for 'nfdincaaaafwx0000dfaaabaaaabjmbh', sending servfail to 70.86.80.98
09:57:48 Not authoritative for 'dcghlcaaaafwx0000dfaaabaaaabakdd', sending servfail to 70.86.80.98
09:57:54 Not authoritative for 'doghfbaaaafwx0000dfaaabaaaabkhpg', sending servfail to 70.86.80.98
09:59:59 Not authoritative for 'ncedhaaaaafwx0000dfaaabaaaabhbcp', sending servfail to 70.86.80.98
10:02:03 Not authoritative for 'mfbodbaaaafwx0000dfaaabaaaabjohc', sending servfail to 70.86.80.98
10:04:08 Not authoritative for 'dcmndmaaaafwx0000dfaaabaaaabobjk', sending servfail to 70.86.80.98
10:06:12 Not authoritative for 'jejlpbaaaafwx0000dfaaabaaaabopoa', sending servfail to 70.86.80.98
10:08:11 Not authoritative for '', sending servfail to 70.86.80.98 (recursion was desired)
10:08:17 Not authoritative for 'kdhjlcaaaafwx0000dfaaabaaaabnpdp', sending servfail to 70.86.80.98
10:10:21 Not authoritative for 'jnlnfbaaaafwx0000dfaaabaaaabfjip', sending servfail to 70.86.80.98
10:12:26 Not authoritative for 'albgbfaaaafwx0000dfaaabaaaabchdd', sending servfail to 70.86.80.98
10:14:30 Not authoritative for 'ohjbbnaaaafwx0000dfaaabaaaabjkph', sending servfail to 70.86.80.98
10:16:35 Not authoritative for 'moennnaaaafwx0000dfaaabaaaabkmae', sending servfail to 70.86.80.98
10:18:40 Not authoritative for 'keopjfaaaafwx0000dfaaabaaaabkpfm', sending servfail to 70.86.80.98
10:20:44 Not authoritative for 'neopgnaaaafwx0000dfaaabaaaabdhld', sending servfail to 70.86.80.98

	Bert


-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services



More information about the dns-operations mailing list