[dns-operations] what type of attack is this?

Ken Peng pyh2 at att.net
Fri Aug 9 01:51:47 UTC 2013


All of my six nameservers have been attacking, it's against a special domain.

I grep from the last 50000 lines of log and get the attacking IPs as below.
Can you tell what type of attack it is and how to stop this? Thanks.

# tail -50000 /var/log/daemon.log|grep -i waig8.com|perl -ne 'while(<>){$hash{$1}++ if /(\d+\.\d+\.\d+\.\d+)\#\d+/}END {for (sort keys %hash){print $_,"\n"}}'
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130808/20f03ccd/attachment.html>

More information about the dns-operations mailing list