Based on the logs from the past 48 hours, here are the hosts that appear to be under attack. The count field reflects the individual number of "'./NS/IN' denied" log entries that appeared in my logs. Note that the stats for 206.71.158.30 are under-reported due to the fact that I blackholed that address last night, however packet captures reveal that I'm no longer seeing spoofed packets targeting that address. +----------------+-------------+ | host | count(host) | +----------------+-------------+ | 10.168.69.6 | 18 | | 202.104.106.49 | 84 | | 206.71.158.30 | 34327 | | 210.21.218.138 | 84 | | 63.217.28.226 | 2696 | | 66.230.160.1 | 3541 | | 76.9.16.171 | 1355 | +----------------+-------------+ -- Andrew Fried andrew.fried@gmail.com