Premature send - I meant to add 'Or against the authoritative servers for 5kkx.com?'
We've been seeing a spate of reflected (not amplified) DNS attacks against various authoritative servers in Europe for the past week or so, bounced through some type of consumer DSL broadband CPE with an open DNS forwarder on the WAN interface (don't know the make/model, but it was supplied by the broadband operators to the customers), on some European broadband access networks.
Pretty clearly an attack against various authoritative servers. Right now I'm seeing attacks against the following domains / name servers:

comedc.com NS f1g1ns1.dnspod.net vip1.zndns.com v1s1.xundns.com
jd176.com NS ns{1,2}.dnsabc-g.com
x7ok.com NS safe.qycn.{com,org,net,cn}
bdhope.com NS ns{1,2}.dnsabc-b.com
yg521.com NS dns{1,2,3,4,5,6}.iidns.com
56bj56.com NS ns{1,2}.dnsabc-f.com

This is all detected in AS 2116 - unfortunately we have our share of customers with open resolvers / broadband routers with DNS proxies open towards the WAN side.

Steinar Haug, AS 2116