Looks like someone using the dns vpn to me.
It could easily be a virus talking back for instructions though.
Quoting Dan Nica <[EMAIL PROTECTED]>:
since sunday night the DDOS stared, I think
it is a new virus, but we didn't find anything about this
virus ...
we have limited the queries with an iptables rule :)
On Wed, 10 Oct 2007, GAVARRET, David wrote:
Hi all,
it seems that, at least in France since monday, we are under a massive
DDOS attack, with tons of queries (probably coming from some customers'
zombies PC) concerning nx hosts on some russian domains like the
following :
q6y8La01ami4707SmEIY0R5SJ8.ultra-online.ru
60G6eR2dAgC1VTA43ox4F0Cu3JJAfI.ultracomp.ru
qpT764qCL3ggh81RQROH35MuJ4meD4tvxwPe.ultracomp.ru
5L48F8LRnsrFfIB7oP455IJc85hE7e2.ultra-online.ru
fR8LLaD2o3NLLtjOV0G8QcCBOpR47SO1tSEishJX3rT57.ultra-online.ru
Did any of you notice the same thing ?
Until now, our Recursor servers (3.1.4) seem to handle the load (+20%)
without any problem ... thanks to Bert !
If any of you have informations concerning this attack (name of the
virus for example :) ) ...
Best regards,
--
David Gavarret
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
