General Musing

blaze your trail

Anonymous attack preparations? #dns

leave a comment »

Just saw the following on the NANOG mailing list:

I am wondering if anyone else has seen a large amount of DNS queries coming from various IP ranges in China. I have been trying to find a pattern in the attacks but so far I have come up blank. I am completly guessing these are possibly DNS amplification attacks but I am not sure. Usually what I see is this:
– Attacks most commonly between the hours of 4AM-4PM UTC
– DNS queries appear to be for real domains that the DNS servers in question are authoritive for (I can’t really see any pattern there, there are about 150,000 zones on the servers in question)
– From a range of IP’s there will be an attack for approximately 5-10 minutes before stopping and then a break of 30 minutes or so before another attack from a different IP range
– Every IP range has been from China

And wondered whether it might be connected to the DNS Root Server party which is being organized by Anonymous (Official) on March 31.

0100111 –

“To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, the Internet will go Black.”

View or comment on Daniël Crompton’s post »


Written by Daniël W. Crompton (webhat)

February 18, 2012 at 7:57 pm

Posted in Uncategorized

Please Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: