Once upon a time, Leland Vandervort <leland@taranta.discpro.org> said:
I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type.
I'm seeing something similar. The requests are to our authoritative servers, and appear to be mostly for a small number of domains at a time (they are all domains we are authoritative for). They are all ANY queries, often repeated for the same domain rapidly. The requests come from one IP at a time, but move to another IP in a minute or two. This does NOT appear to be related to the recent BIND vulnerability. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.