> On Sep 3, 2020, at 8:29 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
>
> It seems that on the evening of September 1, DNS resolver outages
> affected several French ISPs, including SFR and Bouygues. The
> simultaneity or proximity of these outages suggests an attack
> (motivations unknown) rather than a failure. (No
> news about Orange or Free; not affected?)
>
> If anyone has details beyond what is in the articles
> above…
>
> As usual with every outage, this led many users
> to migrate to the GAFA DNS resolvers, from which they will
> probably not return.

This was also reported on the UKNOF mailing list yesterday:

> Begin forwarded message:
>
> From: Pim van Stam <p...@nbip.nl>
> Subject: [uknof] Large DDoS attacks on nameservers of ISP's
> Date: September 2, 2020 at 11:39:02 AM GMT+2
> To: uknof <uk...@lists.uknof.org.uk>
>
> Hi all,
>
> In The Netherlands we observe large DDoS attacks targeting ISPs for more
> than a week now.
> In the order of magnitude of 15-20 ISPs are targeted one after the other. The
> target within an ISP is the infrastructure itself. Mainly the name servers,
> but also core routers.
>
> Characteristics:
> * target: mainly nameservers of an ISP
> * type: CLDAP and DNS amplification (UDP src port 389 and 53 and a lot of UDP
>   fragments, sometimes mistakenly seen as UDP port 0)
> * size: between 50G - 260G
> * duration: with mitigation: 5 - 60 minutes; without mitigation: hours, I
>   believe up to 6 hours, but maybe even longer
>
> It looks like the attacker is monitoring if successful mitigation comes in
> place. Attack will be stopped in that case and the attacker will move to new
> target. This is my observation btw.
>
> What I like to know is if this DDoS campaign is a Dutch thing or is
> international.
> We see also Belgian ISPs attacked, but they also have presence in NL.
>
> Has someone observed a DDoS with these characteristics outside NL or BE?
>
> Best regards,
>
> Pim van Stam
> NBIP-NaWas

-Bill
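
Added example, not part of the thread or of any poster's tooling: a triage sketch in Python that totals inbound UDP bytes per destination by the source ports named in the forwarded report (389 and 53) and credits the "port 0" fragments to the reflector that sent them. The record field names and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

UDP = 17
# UDP source ports named in the forwarded report.
REFLECTOR_PORTS = {389: "cldap", 53: "dns"}

def attribute_vectors(flows):
    """Return {dst: {vector: bytes}} for UDP flow records.

    Non-initial IP fragments carry no UDP header, so flow exporters show
    them with ports 0/0. They are credited to the vector already seen for
    the same (src, dst) pair, else to 'unattributed-fragments'.
    """
    # Pass 1: learn which reflector each (src, dst) pair belongs to.
    pair_vector = {}
    for f in flows:
        if f["proto"] == UDP and f["sport"] in REFLECTOR_PORTS:
            pair_vector[(f["src"], f["dst"])] = REFLECTOR_PORTS[f["sport"]]
    # Pass 2: total bytes per destination and vector.
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["proto"] != UDP:
            continue
        if f["sport"] in REFLECTOR_PORTS:
            vector = REFLECTOR_PORTS[f["sport"]]
        elif f["sport"] == 0 and f["dport"] == 0:
            vector = pair_vector.get((f["src"], f["dst"]),
                                     "unattributed-fragments")
        else:
            continue
        totals[f["dst"]][vector] += f["bytes"]
    return {dst: dict(v) for dst, v in totals.items()}

def _flow(src, proto, sport, dport, nbytes, dst="192.0.2.53"):
    return {"src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport, "bytes": nbytes}

# Constructed sample records using documentation address ranges.
SAMPLE_FLOWS = [
    _flow("198.51.100.7", UDP, 389, 41000, 1480),  # CLDAP first fragment
    _flow("198.51.100.7", UDP, 0, 0, 1500),        # its trailing fragments
    _flow("203.0.113.9", UDP, 53, 33000, 1480),    # DNS first fragment
    _flow("203.0.113.9", UDP, 0, 0, 2600),         # its trailing fragments
    _flow("203.0.113.77", UDP, 0, 0, 900),         # fragment, sender unknown
    _flow("203.0.113.20", 6, 443, 50000, 5000),    # TCP, ignored
]

if __name__ == "__main__":
    print(attribute_vectors(SAMPLE_FLOWS))
```

A resolver also receives legitimate answers from UDP source port 53, so these totals are a signal to compare against a baseline, not proof of an attack on their own.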