[npnog] Fwd: DNS amplification Distributed Denial of Service (DDOS) Attack from multiple IP addresses CERTIn-68022816

Sat Dec 10 06:38:10 NPT 2016

Dear NPNOG members,

Please look into this CERTIn request and reply accordingly.

BR,

Ajay Mulmi

---------- Forwarded message ----------
From: "incident" <incident at cert-in.org.in>
Date: 9 Dec 2016 15:57
Subject: DNS amplification Distributed Denial of Service (DDOS) Attack from multiple IP addresses CERTIn-68022816
To: <info at itsert-np.org>
Cc: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ref: CERTIn-68022816
- --------------------

Dear Sir/Madam,

We have received a report of DNS amplification DDoS attack against one of
our constituent organization, originated from IP addresses which are
currently under your control and found to be involved in the attack on
December 09, 2016 at 07:25 hrs and December 07,2016 at 07:45
hrs(TimeStamp/Zone:IST/GMT+530).

Relevant IP addresses list is attached with this email.

The suspected IP addresses are to be running as open DNS resolver.

Such attacks are being carried out by exploiting open or misconfigured
domain name servers that allow recursive queries on authoritative or
non-authoritative name servers. This allows unauthenticated remote
attackers to misuse such publically available open DNS resolvers to
carryout large scale amplified Denial of Service (DrDoS) attacks.

We kindly request you to get these vulnerable devices patched or
appropriately configured to prevent their further misuse.

We greatly appreciate your prompt attention to this matter. Kindly intimate
us about action taken in this matter at the earliest.

- -- 
Thanks and Regards,

CERT-In

Incident Response Help Desk
e-mail : incident at cert-in.org.in
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
PGP Fingerprint : 4A8F 0BA9 61B1 91D8 8708  7E61 42A4 4F23 2477 855F
PGP Key information:
http://www.cert-in.org.in/contact.htm

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003 

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 21274) - not licensed for commercial use: www.pgp.com
Charset: utf-8

wsBVAwUBWEqBPUKkTyMkd4VfAQqHRggAiMY9bgAO4Sv5lmEy2IKOwtWKkPujyioW
qilaSalZPPuRjMVVuV3U2HlHfaT7bSmZCemIMGhI2nkrvSMPZjsPXU18RF3Tno8d
VSTusJnuBfU9H9ia+pj/Jwj9gHNf2gapzKpo7cx2OggHOTwmC1GwwJp+8l4ASWB6
cXep9fbgIVxrlKjpxtLlJ7TvoP6VkJ55rB+kE154xz2gwgEij8O51AsGnweNRr2U
8+q4AfHJhSGosaRHv74A86MNw3jYf4NAphPW8Qfto637oxQlZi9p2YLs1YI/kROh
JtElQ+W2pJLEmRvnz3c38S1uIKg3bTm//RoKarVqhoWKbc833l8Bew==
=qL3f
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.npnog.org/pipermail/npnog/attachments/20161210/57726bbd/attachment.html>
-------------- next part --------------
110.44.123.126
202.70.87.25
202.70.65.189
202.52.254.246
110.44.123.189
-------------- next part --------------
202.52.254.246
103.232.152.226
202.79.34.55
202.79.58.182
117.121.236.10
117.121.230.26
117.121.229.150
103.232.152.229
202.129.251.186
103.213.31.30
124.41.213.35
27.111.21.78
202.52.231.102
103.75.148.4
110.44.123.114
202.79.60.223
202.79.60.158