> Premature send - I meant to add 'Or against the authoritative servers for
> 5kkx.com?'
>
> We've been seeing a spate of reflected (not amplified) DNS attacks against
> various authoritative servers in Europe for the past week or so, bounced
> through some type of consumer DSL broadband CPE with an open DNS forwarder on
> the WAN interface (don't know the make/model, but it was supplied by the
> broadband operators to the customers), on some European broadband access
> networks.

Pretty clearly an attack against various authoritative servers. Right now
I'm seeing attacks against the following domains / name servers:

comedc.com      NS f1g1ns1.dnspod.net vip1.zndns.com v1s1.xundns.com
jd176.com       NS ns{1,2}.dnsabc-g.com
x7ok.com        NS safe.qycn.{com,org,net,cn}
bdhope.com      NS ns{1,2}.dnsabc-b.com
yg521.com       NS dns{1,2,3,4,5,6}.iidns.com
56bj56.com      NS ns{1,2}.dnsabc-f.com

This is all detected in AS 2116 - unfortunately we have our share of
customers with open resolvers / broadband routers with DNS proxies open
towards the WAN side.

Steinar Haug, AS 2116
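
An added example, not part of the original message and not the poster's tooling: one way an access network could spot this pattern in its own DNS query records, by flagging zones that outside sources query through many distinct customer addresses. The log format, the customer prefix, the threshold and all names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed customer (access-network) prefix; a documentation range, not real.
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: "<epoch> <src> <dst> <qname> <qtype>" per UDP/53 query.
SAMPLE_LOG = """\
1391500000 203.0.113.7 192.0.2.10 www.victim.example A
1391500000 203.0.113.7 192.0.2.11 www.victim.example A
1391500001 203.0.113.9 192.0.2.12 a1.victim.example A
1391500001 203.0.113.9 192.0.2.13 mail.victim.example A
1391500002 192.0.2.10 192.0.2.53 www.normal.example A
1391500002 203.0.113.50 192.0.2.200 ns1.hosted.example A
malformed line
"""

def is_customer(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CUSTOMER_NETS)

def zone_of(qname):
    # Naive: last two labels. A real deployment needs the Public Suffix List.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def find_reflected_zones(log_text, min_forwarders=3):
    """Return {zone: sorted customer IPs} for zones queried from outside
    through at least min_forwarders distinct customer addresses."""
    hit = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, qname, _ = parts
        try:
            external_to_customer = not is_customer(src) and is_customer(dst)
        except ValueError:
            continue  # unparsable address field
        if external_to_customer:
            # A query arriving on a customer's WAN side from outside the network
            hit[zone_of(qname)].add(dst)
    return {z: sorted(ips, key=ipaddress.ip_address)
            for z, ips in hit.items() if len(ips) >= min_forwarders}
```

The customer addresses returned for a flagged zone are the CPE answering DNS on the WAN side, which is the list an operator would use for customer notification or inbound UDP/53 filtering.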