Hey Cliff, Although we're a boutique outfit, we've recently had such an attack on our corporate NS at gih.co.uk - and we noticed it because of unusual traffic overload. As a result, we had to disable all our recursive nameservers to the outside world. I'd say it's pretty common. Kind regards,
Olivier On 31/01/2013 12:37, Job Snijders wrote: > Hi Cliff, > > http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf > > Kind regards, > > Job > > On Jan 31, 2013, at 12:32 PM, Cliff Stanford <[email protected]> wrote: > >> Just before 09:00 this morning we saw a 100 Mbps port saturated. Upon >> investigation the traffic appears to be DNS responses to requests that were >> never made. >> >> Over the following 5 minutes, we saw over 600,000 UDP DNS responses >> originating from 20 different DNS servers. The servers all seem to be >> genuine, authoritative servers. >> >> They were all targeted at a single server our side and the destination ports >> on the targeted system included nearly pretty much the whole range. >> >> Is this a known DDoS attack, it's a new one on me? Any suggestions on how >> to deal it? >> >> Regards, >> Cliff. >> >> -- >> Cliff Stanford >> Might Limited +44 20 0222 1666 (Office) >> Wren Hall 152a High St +44 7973 616 666 (Mobile) >> Ongar, CM5 9JJ >> >> > > -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
