Ongoing DDoS Email Attack Affects DNS Servers

Network Administrators Discuss "10,000 Packets per Second" Denial-of-Service Mitigation

On January 26, 2006, Barry from TheWorld reported that an army of zombies was generating huge numbers of email messages to bogus addresses, many of which would bounce back to TheWorld servers for processing.

The unusually high DNS traffic was characterized as more of a nuisance than a complete denial of service, but requests arriving at 10,000 packets per second could not be ignored. The attack had lasted for about a week when it was reported.

The requests came from legitimate hosts in the form of DNS+SMTP requests. It did not appear that standard bots were being used in this attack.

Responses by NANOGers suggested different ways to throttle back the DNS traffic. One comment warned: "Shutting off the mothership often means that the zombies become even more zombied and keep pounding on your server long after the mothership is dead."

Source: NANOG Archive

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

 
