Sounds like a DNS Amplification attack? http://securitytnt.com/dns-amplification-attack/
-Dave. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cliff Stanford Sent: 31 January 2013 11:32 To: [email protected] Subject: [uknof] DNS DDoS Just before 09:00 this morning we saw a 100 Mbps port saturated. Upon investigation the traffic appears to be DNS responses to requests that were never made. Over the following 5 minutes, we saw over 600,000 UDP DNS responses originating from 20 different DNS servers. The servers all seem to be genuine, authoritative servers. They were all targeted at a single server our side and the destination ports on the targeted system included nearly pretty much the whole range. Is this a known DDoS attack, it's a new one on me? Any suggestions on how to deal it? Regards, Cliff. -- Cliff Stanford Might Limited +44 20 0222 1666 (Office) Wren Hall 152a High St +44 7973 616 666 (Mobile) Ongar, CM5 9JJ
