19 Feb
2014
19 Feb
'14
4:26 a.m.
It has been ongoing for a week or so (but not constant). The domain names have a pattern but are comprised of components that appear to be randomly generated. The source IP addresses for the queries appear to be non duplicated and randomly generated.
query logs are available for unicasting to the interested.
Has nobody else seen this?
We've seen it. It is pretty clearly an attack against authoritative name servers for various domains, using open recursors or proxies to reflect the queries. Steinar Haug, AS 2116