Re: Possible DDoS?

B0;261;0cHi there, On Wed, 17 Oct 2012, Manson, John wrote: Does this rise to the level of a DDoS attack? 82 queries in a second is modest, but you're in US government and that IP is in China. Given the recent publicity, IMO that's probable cause. I blackhole IPs that behave like this. I

?????? Re: ?????? Re: Possible DDoS?

Oct 2012 00:22:24 To: Subject: Re: 答复： Re: Possible DDoS? On 10/18/2012 12:12 AM, Tony Xue wrote: > > I am pretty sure the sources were hacked because one of my another What makes you think the source IPs were real? ___ Please visit

Re: 答复： Re: Possible DDoS?

On 10/18/2012 12:12 AM, Tony Xue wrote: I am pretty sure the sources were hacked because one of my another What makes you think the source IPs were real? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this li

?????? Re: Possible DDoS?

d from the packet can see there're exactly the same type of attack. -Original Message- From: Phil Mayers Sender: bind-users-bounces+xuezxbb=gmail@lists.isc.orgDate: Wed, 17 Oct 2012 23:59:11 To: Subject: Re: Possible DDoS? On 10/17/2012 07:39 PM, Dennis Clarke wrote: > I h

Re: Possible DDoS?

On 10/17/2012 07:39 PM, Dennis Clarke wrote: I have the exact same problem with an ip inside State of Colorado General Government Computer subnet : http://whois.arin.net/rest/org/SCGGC That's not exactly a fly-by-night organisation; have you contacted them? Some server there has been pound

Re: Possible DDoS?

> From time to time I notice a large number of queries like these to one > of my external dns servers: > > 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * > ? > > Does this rise to the level of a DDoS attack? > No NS record for this IP. > I blackhole IPs that behave lik

RE: Possible DDoS?

Thanks So that is why there are usually no NS records? -Original Message- From: Chuck Swiger [mailto:cswi...@mac.com] Sent: Wednesday, October 17, 2012 2:31 PM To: Manson, John Cc: bind-users@lists.isc.org Subject: Re: Possible DDoS? Hi-- On Oct 17, 2012, at 11:17 AM, Manson, John wrote

Re: Possible DDoS?

Hi-- On Oct 17, 2012, at 11:17 AM, Manson, John wrote: > From time to time I notice a large number of queries like these to one of my > external dns servers: > > 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ? > [ ... ] > 14:14:40.98668 121.10.105.66 -> 143.231.1.67 DNS

Possible DDoS?

>From time to time I notice a large number of queries like these to one of my >external dns servers: 14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ? 14:14:40.01529 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ? 14:14:40.03688 121.10.105.66 -> 143.231.1.67 D