There has been quite a bit of that recently with particular focus on RapidSwitch in Maidenhead I believe.

We've received a few such attacks ourselves - it's a DNS Reflection Attack.

Not so sure on mitigation though unfortunately.

Cheers,

Martin


-----Original Message-----
From: Cliff Stanford
Sent: Thursday, January 31, 2013 11:32 AM
To: [email protected]
Subject: [uknof] DNS DDoS

Just before 09:00 this morning we saw a 100 Mbps port saturated.  Upon
investigation the traffic appears to be DNS responses to requests that
were never made.

Over the following 5 minutes, we saw over 600,000 UDP DNS responses
originating from 20 different DNS servers.  The servers all seem to be
genuine, authoritative servers.

They were all targeted at a single server our side and the destination
ports on the targeted system included pretty much the whole range.

Is this a known DDoS attack?  It's a new one on me.  Any suggestions on
how to deal with it?

Regards,
Cliff.

--
Cliff Stanford
Might Limited                           +44 20 0222 1666 (Office)
Wren Hall 152a High St                  +44 7973 616 666 (Mobile)
Ongar, CM5 9JJ
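
The pattern described in the original message (DNS responses arriving for queries the target never sent, from many servers, across many destination ports) can be picked out of packet or flow records by matching each inbound response to an earlier outbound query. This is an added example, not part of the thread; the record layout, addresses (documentation ranges), thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed records: (time_s, direction, src_ip, src_port, dst_ip, dst_port, dns_txid).
# Addresses come from documentation ranges; nothing here is taken from the thread.
TARGET = "198.51.100.10"
SERVERS = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]
SAMPLE = [
    (0.00, "out", TARGET, 40001, "192.0.2.53", 53, 0x1A2B),  # genuine query
    (0.02, "in", "192.0.2.53", 53, TARGET, 40001, 0x1A2B),   # its answer
] + [
    # Responses nobody asked for, spread over servers and destination ports.
    (1.0 + i * 0.01, "in", SERVERS[i % 3], 53, TARGET, 1024 + 997 * i, 0x4000 + i)
    for i in range(6)
]


def find_unsolicited(records, max_wait=5.0):
    """Return inbound DNS responses that match no recent outbound query."""
    pending = {}  # (server, client, client_port, txid) -> time the query left
    unsolicited = []
    for t, direction, src, sport, dst, dport, txid in sorted(records, key=lambda r: r[0]):
        if direction == "out" and dport == 53:
            pending[(dst, src, sport, txid)] = t
        elif direction == "in" and sport == 53:
            sent = pending.pop((src, dst, dport, txid), None)
            if sent is None or t - sent > max_wait:
                unsolicited.append((t, src, dst, dport))
    return unsolicited


def summarize(unsolicited):
    """Per destination: response count, distinct servers, distinct ports."""
    seen = defaultdict(lambda: {"responses": 0, "servers": set(), "ports": set()})
    for _, src, dst, dport in unsolicited:
        seen[dst]["responses"] += 1
        seen[dst]["servers"].add(src)
        seen[dst]["ports"].add(dport)
    return {d: {"responses": s["responses"], "servers": len(s["servers"]),
                "ports": len(s["ports"])} for d, s in seen.items()}


def reflection_targets(records, min_responses=5, min_servers=2):
    """Hosts receiving many unsolicited responses from several servers."""
    return sorted(d for d, s in summarize(find_unsolicited(records)).items()
                  if s["responses"] >= min_responses and s["servers"] >= min_servers)


if __name__ == "__main__":
    print(summarize(find_unsolicited(SAMPLE)), reflection_targets(SAMPLE))
```
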



