nanog mailing list archives
Re: Recent DNS attacks from China?
From: Hal Murray <hmurray () megapathdsl net>
Date: Wed, 30 Nov 2011 12:31:29 -0800
I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type.
I don't know if it's related, but at about the same time USNO reported an attack on their NTP servers. I could easily imagine a piece of malware with a bug that does massive retransmits on both DNS and NTP. ----------- From: Rich <schmidt.rich () gmail com> Newsgroups: comp.protocols.time.ntp Subject: NTP Denial of Service attack 29 November 2011 Date: Tue, 29 Nov 2011 12:44:44 -0800 (PST) Organization: http://groups.google.com NNTP-Posting-Host: 199.211.133.254 USNO is seeing an apparent coordinated denial of service attack on NTP originating with the following IPs: 220.117.53.67; 218.92.115.152; 114.40.28.224; 218.201.21.194. ---------- At 11 pm EST 29 Nov 2011 the Navy Cyber Defense Operations Command ordered USNO to take NTP servers in Washington, DC offline, and USNO complied. USNO serves more than 3 million clients. This is the first time in 17 years that we have ceased NTP operations. ---- NTP Service from USNO Washington was restored at 30.56 November 2011 UTC. No further information is available for dissemination at this time. -- These are my opinions, not necessarily my employer's. I hate spam.
Current thread:
- Re: Recent DNS attacks from China?, (continued)
- Re: Recent DNS attacks from China? andrew.wallace (Nov 30)
- Re: Recent DNS attacks from China? Valdis . Kletnieks (Nov 30)
- Re: Recent DNS attacks from China? Richard Barnes (Nov 30)
- RE: Recent DNS attacks from China? Matlock, Kenneth L (Nov 30)
- RE: Recent DNS attacks from China? Rob.Vercouteren (Nov 30)
- RE: Recent DNS attacks from China? Drew Weaver (Nov 30)
- Re: Recent DNS attacks from China? andrew.wallace (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? David Conrad (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? sthaug (Nov 30)