dns-operations - Re: [opennic-dns-operations] ns19.tx.us (50.116.23.211) has been null-routed by provider

dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

  • From: Bersl <bersl2 AT bersl2.info>
  • To: dns-operations AT lists.opennicproject.org
  • Subject: Re: [opennic-dns-operations] ns19.tx.us (50.116.23.211) has been null-routed by provider
  • Date: Mon, 05 Oct 2015 21:06:59 -0500

On 10/05/2015 11:35 AM, Jeff Taylor wrote:
> It looks like this server is working again. Did you ever get any
> info from your provider?

Yes, it's been lifted. No, unfortunately, when I had asked about the
kind of traffic that triggered the null-route, they gave me a single DNS
UDP question:

> At one point when observing the incoming traffic, we saw
> approximately 21404 incoming packets received in 0.030 seconds,
> with this type of composition as revealed by tcpdump:
>
> 50.116.23.211.domain: 18419+ ANY? play.google.com. (33)

Other than the fact that it's an ANY query, there's nothing unusual
about that. I'd have hoped for a bit more info such as the frequency of
the queries, or even maybe an entire screen worth of output. I'm not
sure I trust the rate they gave either, since it comes out
to over 700k packets per second, with a sample size of 30ms.

Still, I wasn't going to push back too hard at first, and now there's
nothing to squabble over unless it happens again. It really might have
been a rogue drive-by DDoSing.

¯\(°_o)/¯
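
An added example, not part of the original message: a small Python tally over tcpdump text output that reports the per-question frequency, source spread and capture span that the reply above says it had hoped to get from the provider. The sample lines, their timestamps and client addresses are constructed, and the line format assumed is tcpdump's default one-line DNS query output.

```python
import re
from collections import Counter

# tcpdump's default one-line form for a DNS query; port 53 may print as "domain".
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.\d+ > \S+\.(?:domain|53): "
    r"\d+\S* (?:\[\S+\] )?(\w+)\? (\S+) \(\d+\)$"
)

def summarize(lines):
    """Tally DNS query lines: packet count, capture span, rate, questions, sources."""
    stamps, questions, sources = [], Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip responses and anything that is not a DNS query line
        hh, mm, ss, src, qtype, qname = m.groups()
        # Seconds since midnight; assumes the capture does not cross midnight.
        stamps.append(int(hh) * 3600 + int(mm) * 60 + float(ss))
        questions[(qtype, qname)] += 1
        sources[src] += 1
    span = max(stamps) - min(stamps) if stamps else 0.0
    return {
        "packets": len(stamps),
        "span_s": span,
        # A rate needs a non-zero window; report None rather than divide by zero.
        "pps": len(stamps) / span if span > 0 else None,
        "questions": questions,
        "sources": sources,
    }

# Constructed sample capture (timestamps and client addresses are made up).
SAMPLE = [
    "21:06:59.000000 IP 198.51.100.7.40001 > 50.116.23.211.domain: 18419+ ANY? play.google.com. (33)",
    "21:06:59.010000 IP 198.51.100.7.40002 > 50.116.23.211.domain: 18420+ ANY? play.google.com. (33)",
    "21:06:59.020000 IP 198.51.100.7.40003 > 50.116.23.211.53: 18421+ ANY? play.google.com. (33)",
    "21:06:59.030000 IP 203.0.113.9.5353 > 50.116.23.211.53: 4242+ [1au] A? example.org. (40)",
]

if __name__ == "__main__":
    r = summarize(SAMPLE)
    print(f"{r['packets']} queries over {r['span_s']:.3f}s ({r['pps']:.0f} pps)")
    for (qtype, qname), n in r["questions"].most_common():
        print(f"{n:6d}  {qtype:4s} {qname}")
    for src, n in r["sources"].most_common(5):
        print(f"{n:6d}  from {src}")
```

Reporting the span next to the rate lets the reader see how short the window behind a packets-per-second figure was.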


