More like DNS Amplification attacks. Search through RIPE and NANOG preso archive you will find some useful info about the same.
Regards, Aftab A. Siddiqui On Thu, Jan 31, 2013 at 4:32 PM, Cliff Stanford <[email protected]> wrote: > Just before 09:00 this morning we saw a 100 Mbps port saturated. Upon > investigation the traffic appears to be DNS responses to requests that were > never made. > > Over the following 5 minutes, we saw over 600,000 UDP DNS responses > originating from 20 different DNS servers. The servers all seem to be > genuine, authoritative servers. > > They were all targeted at a single server our side and the destination > ports on the targeted system included nearly pretty much the whole range. > > Is this a known DDoS attack, it's a new one on me? Any suggestions on how > to deal it? > > Regards, > Cliff. > > -- > Cliff Stanford > Might Limited +44 20 0222 1666 (Office) > Wren Hall 152a High St +44 7973 616 666 (Mobile) > Ongar, CM5 9JJ > > >
