Hi Cliff, http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf
Kind regards, Job On Jan 31, 2013, at 12:32 PM, Cliff Stanford <[email protected]> wrote: > Just before 09:00 this morning we saw a 100 Mbps port saturated. Upon > investigation the traffic appears to be DNS responses to requests that were > never made. > > Over the following 5 minutes, we saw over 600,000 UDP DNS responses > originating from 20 different DNS servers. The servers all seem to be > genuine, authoritative servers. > > They were all targeted at a single server our side and the destination ports > on the targeted system included nearly pretty much the whole range. > > Is this a known DDoS attack, it's a new one on me? Any suggestions on how to > deal it? > > Regards, > Cliff. > > -- > Cliff Stanford > Might Limited +44 20 0222 1666 (Office) > Wren Hall 152a High St +44 7973 616 666 (Mobile) > Ongar, CM5 9JJ > >
