DNS Server Under Attack

Well, what can I say… this is the first post from the WordPress iPad App. Yes, the Apple logo running through my bones that began life when I purchased my MacBook Pro is growing as I now own an iPad. Like the MacBook Pro, I spent an incalculable amount of time fondling the iPads in my local Tescos… so much so that I could potentially have gotten arrested for having an inappropriate relationship with an item of technology. Eventually I succumbed to the magic dust that Apple sprinkle on their products (Dilbert) and purchased one and I can honestly say, it’s great.

I’ve been tinkering with a number of Apps but more on those in a later post. For now, I want to put a shout out to see if anyone else is coming under fire from what appears to be an attempt to blitz one of my DNS servers.

The server in question is receiving about 30 requests per second from a variety of addresses. If my understanding of the tcpdump output is correct, each one is either 4KB or 9KB in size.

The addresses these requests are coming from are as follows:-

  • 208.66.169.181 – This is the only one that is constant, all the others come and go

There are also a couple of hosts which appeared in the list, but they don’t appear to resolve at the time of writing. They are:-

  • customer.worldstream.nl
  • ks383207.krimsufi.com

So, my big question is… is anyone else getting pounded by this sort of attack? It wouldn’t be so bad if the DNS server in question was hosted in a data centre, but it actually sits on my LAN gateway and provides DNS to the LAN, so this attack is killing our ADSL service.

Seems it starts about the same time every day (around 6pm BST) and goes on for an indeterminate period of time. As I’m writing this, I’m watching a tcpdump roll by of all their requests on my DNS server.
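
One way to turn a scrolling tcpdump into the per-source picture described above (request rate, and which sources are constant versus which come and go). This is an added example, not code from the original post; it assumes the default text output of `tcpdump -n` for traffic to port 53, the function names are hypothetical, and the sample capture is constructed using documentation-range addresses.

```python
import re
from collections import defaultdict

# Matches an inbound DNS query line as printed by `tcpdump -n` (default text output).
QUERY = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+\.53: ")

def constructed_sample():
    """Constructed capture: one steady source, two brief ones, one reply."""
    lines = []
    for sec in range(5):
        for i in range(3):
            lines.append(f"18:00:0{sec}.{i}00000 IP 198.51.100.7.4000{i} > "
                         f"192.0.2.53.53: 1{sec}{i}+ A? example.com. (29)")
    lines.append("18:00:01.500000 IP 203.0.113.9.5353 > 192.0.2.53.53: "
                 "77+ A? example.com. (29)")
    lines.append("18:00:03.500000 IP 203.0.113.20.5353 > 192.0.2.53.53: "
                 "78+ A? example.com. (29)")
    # Outbound reply from the server; must not be counted as a query.
    lines.append("18:00:02.100000 IP 192.0.2.53.53 > 198.51.100.7.40000: "
                 "120 1/0/0 A 192.0.2.10 (45)")
    return "\n".join(lines)

def summarise(text):
    """Per source: total queries, peak queries/second, share of seconds seen."""
    per_sec = defaultdict(lambda: defaultdict(int))  # src -> second -> count
    for line in text.splitlines():
        m = QUERY.match(line)
        if not m:
            continue  # replies, other traffic, truncated lines
        h, mi, s, src = m.groups()
        # Assumes the capture does not cross midnight.
        per_sec[src][int(h) * 3600 + int(mi) * 60 + int(s)] += 1
    seen = {t for counts in per_sec.values() for t in counts}
    span = max(seen) - min(seen) + 1 if seen else 0
    return {src: {"queries": sum(c.values()),
                  "peak_qps": max(c.values()),
                  "presence": len(c) / span}
            for src, c in per_sec.items()}

def persistent_sources(report, min_presence=0.8):
    """Sources present in at least min_presence of the captured seconds."""
    return sorted(s for s, r in report.items() if r["presence"] >= min_presence)

if __name__ == "__main__":
    report = summarise(constructed_sample())
    for src, r in sorted(report.items()):
        print(src, r)
    print("persistent:", persistent_sources(report))
```

Sources with a high `presence` value are the ones worth rate-limiting or filtering at the gateway first; the short-lived ones show up with a low share of seconds.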
