[Pdns-users] Massive DNS DDOS attack
Patrick Domack
patrickdk at patrickdk.com
Wed Oct 10 21:18:09 UTC 2007
Looks like someone using the dns vpn to me.
It could easily be a virus talking back for instructions though.
Quoting Dan Nica <timi at crystal.rdstm.ro>:
>
> since sunday night the DDOS stared, I think
> it is a new virus, but we didn't find anything about this
> virus ...
>
> we have limited the queries with an iptables rule :)
>
> On Wed, 10 Oct 2007, GAVARRET, David wrote:
>
>> Hi all,
>>
>> it seems that, at least in France since monday, we are under a massive
>> DDOS attack, with tons of queries (probably coming from some customers'
>> zombies PC) concerning nx hosts on some russian domains like the
>> following :
>> q6y8La01ami4707SmEIY0R5SJ8.ultra-online.ru
>> 60G6eR2dAgC1VTA43ox4F0Cu3JJAfI.ultracomp.ru
>> qpT764qCL3ggh81RQROH35MuJ4meD4tvxwPe.ultracomp.ru
>> 5L48F8LRnsrFfIB7oP455IJc85hE7e2.ultra-online.ru
>> fR8LLaD2o3NLLtjOV0G8QcCBOpR47SO1tSEishJX3rT57.ultra-online.ru
>>
>> Did any of you notice the same thing ?
>> Until now, our Recursor servers (3.1.4) seem to handle the load (+20%)
>> without any problem ... thanks to Bert !
>>
>> If any of you have informations concerning this attack (name of the
>> virus for example :) ) ...
>>
>> Best regards,
>> --
>> David Gavarret
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
More information about the Pdns-users
mailing list