[dns-operations] Abnormal activity fron chinanet?
David Conrad
drc at virtualized.org
Fri Dec 2 17:56:04 UTC 2011
Can you provide contact information for CNCERT?
The multi-Gbps DoS attempts from China are getting tiresome.
Thanks,
-drc
On Dec 2, 2011, at 9:51 AM, Keith Mitchell wrote:
> Experience with similar incidents in the past suggests it is probably
> worth contacting the CNCERT folks about this, who will hopefully be able
> to reach out to the ISP.
>
> Keith
>
>
> On 12/02/2011 12:05 PM, Chris Adams wrote:
>> Once upon a time, Jason Bratton <jbratton at rackspace.com> said:
>>> I'm happy to know we aren't the only ones seeing this then. We've had
>>> the exact same traffic patterns since Monday, and they show no signs of
>>> stopping.
>>>
>>> The IP addresses are either spoofed or they are going out multiple
>>> providers simultaneously because we are seeing the traffic sourced from
>>> the same IP addresses hit our US and UK anycast nodes simultaneously.
>>> I'm leaning more towards spoofed IP addresses because the usage of ANY
>>> queries sure seems like an attempt at an amplification attack.
>>
>> One thing I've noticed is that we see the requests between about 0400
>> and 1900 UTC - it almost looks like somebody is doing this manually and
>> takes a break to go to sleep.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list