Thread: DNS deluge for x.p.ctrc.cc




DNS deluge for x.p.ctrc.cc
user name
2006-02-27 03:02:17
I thought I would chime in quickly, one of my customers has been one
of the targets of this attack.  The x.p.ctrc.cc DNS server was shut
down on the 15th, the response itself had a 360000 TTL so that should
be expired by now.

On this end of it, the largest traffic spike we received was around 8
Gbps.  The last time we saw this traffic was on the 21st around 2 GMT
with traffic at about 2 Gbps, it has lost a lot of steam.  If you see
unusual DNS traffic to AS32787 or 72.52.0.0/18, chances are it is
part of this attack or the attacker set up a new RR to query against.

I've yet to see a copy of the malware that is doing the spoofed
queries itself.  If anyone has it, I would like to take a look.

Thanks and I am really impressed with everyone's reaction to this
attack.  Especially Rob Thomas, he really has a grip on it.

Cheers,

-Barrett



DNS deluge for x.p.ctrc.cc
user name
2006-02-27 16:04:22
] Thanks and I am really impressed with everyone's reaction to this attack.
] Especially Rob Thomas, he really has a grip on it.

Thanks muchly, Barrett, but the credit goes to Steve Gill. 


-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);
