Once upon a time, Leland Vandervort <lel...@taranta.discpro.org> said: > I am wondering if anyone else is seeing a sudden increase in DNS attacks > emanating from chinese IP addresses? Over the past 24 hours we've seen a > sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 > million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes. > > This anomalous traffic started roughly 24 hours ago, and while we've had > occasions of anomalous chinese traffic, never anything of this type.
I'm seeing something similar. The requests are to our authoritative servers, and appear to be mostly for a small number of domains at a time (they are all domains we are authoritative for). They are all ANY queries, often repeated for the same domain rapidly. The requests come from one IP at a time, but move to another IP in a minute or two. This does NOT appear to be related to the recent BIND vulnerability. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
