In message <5304201a.3040...@ttec.com>, Joe Maimon writes: > Hey all, > > DNS amplification spoofed source attacks, I get that. I even thought I > was getting mitigation down to acceptable levels. > > But now this. At different times during the previous days and on > different resolvers, routers with proxy turned on, etc... > > Thousand of queries with thousands of source ip addresses. > > According to my logs, sources are not being repeated (or not with any > significant frequency) > > What is the purpose of this?
Indirect attack on the 5kkx.com servers? > 18-Feb-2014 21:45:24.982 queries: info: client 38.89.3.12#19391: query: > swe.5kkx.com IN A + (66.199.132.5) > 18-Feb-2014 21:45:25.067 queries: info: client 4.109.210.187#55190: > query: ngqrbwuzquz.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:25.105 queries: info: client 91.82.209.221#33924: > query: bgbtqcdtzen.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:25.106 queries: info: client 6.29.8.224#4379: query: > uehkaiy.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:25.106 queries: info: client 67.27.41.169#44000: > query: yqv.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:25.107 queries: info: client 45.207.31.218#30585: > query: e.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:25.644 queries: info: client 95.217.89.95#5396: query: > bfpofpj.5kkx.com IN A + (66.199.132.5) > 18-Feb-2014 21:45:25.823 queries: info: client 89.47.129.187#12316: > query: aocdesguijxym.5kkx.com IN A + (66.199.132.5) > 18-Feb-2014 21:45:26.021 queries: info: client 15.205.106.62#34265: > query: xqgyahfugnt.5kkx.com IN A + (66.199.132.7) > 18-Feb-2014 21:45:26.057 queries: info: client 128.64.33.29#7584: query: > ijwhqfmpohmj.5kkx.com IN A + (216.222.148.103) > 18-Feb-2014 21:45:26.330 queries: info: client 102.206.85.254#8093: > query: ibojknsrqjohib.5kkx.com IN A + (216.222.148.103) > 18-Feb-2014 21:45:26.333 queries: info: client 40.121.221.81#10822: > query: ebb.5kkx.com IN A + (66.199.132.5) > 18-Feb-2014 21:45:26.752 queries: info: client 104.55.169.43#30108: > query: l.5kkx.com IN A + (66.199.132.7) > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org