> > I am wondering if anyone else is seeing a sudden increase in DNS attacks > > emanating from chinese IP addresses? Over the past 24 hours we've seen a > > sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 > > million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes. > > > This anomalous traffic started roughly 24 hours ago, and while we've had > > occasions of anomalous chinese traffic, never anything of this type. > > I don't know if it's related, but at about the same time USNO reported an > attack on their NTP servers. > > I could easily imagine a piece of malware with a bug that does massive > retransmits on both DNS and NTP.
I'm seeing DNS-based attacks on a regular basis, typically several per day. Often involving ANY isc.org or ANY ripe.net to get a good amplification. E.g. *right now* an amplification attack against 78.159.111.190. Steinar Haug, Nethelp consulting, sth...@nethelp.no