[Emerging-Sigs] Dns ddos

Brandon Kendall brandon.kendall at gmail.com
Wed Oct 26 09:12:22 EDT 2011


My company had a DDoS the other morning that seemed a little odd - packets
were UDP with both the source and destination port 53. The target IP wasn't
running DNS so the firewall blocked all of the attempts, but it still
managed to saturate a 500 mb internet link. Firewall logs show about 63,000
sources, in a fairly sequential order, leading us to believe they are
spoofed.

Unfortunately I wasn't able to capture any of the packets.

Has anyone else seen activity like this lately?

Thanks!

Sent from my Android device.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111026/5e739204/attachment.html


More information about the Emerging-sigs mailing list