[npnog] Fwd: DNS amplification Distributed Denial of Service (DDOS) Attack from multiple IP addresses CERTIn-68022816
Indiver Badal
ib at indiver.com
Sat Dec 10 07:38:55 NPT 2016
There are IPs listed for several local ISPs. Best way to notify the
ISP is to contact their abuse contact obtained by doing a whois on an
IRR.
abuse @ vianet.com.np
abuse_mail @ ntc.net.np
abuse @ mercantile.com.np
noc @ subisu.net.np
abuse @ worldlink.com.np
abuse @ nettv.com.np
abuse @ lumbininet.com.np
abuse @ loopnet.com.np
Thanks
Indiver
On Sat, Dec 10, 2016 at 6:38 AM, Ajay Mulmi via npnog <npnog at npnog.org> wrote:
> Dear NPNOG members,
>
> Please look into this CERTIn request and reply accordingly.
>
> BR,
>
>
> Ajay Mulmi
>
>
> ---------- Forwarded message ----------
> From: "incident" <incident at cert-in.org.in>
> Date: 9 Dec 2016 15:57
> Subject: DNS amplification Distributed Denial of Service (DDOS) Attack from
> multiple IP addresses CERTIn-68022816
> To: <info at itsert-np.org>
> Cc:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Ref: CERTIn-68022816
> - --------------------
>
> Dear Sir/Madam,
>
> We have received a report of DNS amplification DDoS attack against one of
> our constituent organization, originated from IP addresses which are
> currently under your control and found to be involved in the attack on
> December 09, 2016 at 07:25 hrs and December 07,2016 at 07:45
> hrs(TimeStamp/Zone:IST/GMT+530).
>
> Relevant IP addresses list is attached with this email.
>
> The suspected IP addresses are to be running as open DNS resolver.
>
> Such attacks are being carried out by exploiting open or misconfigured
> domain name servers that allow recursive queries on authoritative or
> non-authoritative name servers. This allows unauthenticated remote
> attackers to misuse such publically available open DNS resolvers to
> carryout large scale amplified Denial of Service (DrDoS) attacks.
>
> We kindly request you to get these vulnerable devices patched or
> appropriately configured to prevent their further misuse.
>
> We greatly appreciate your prompt attention to this matter. Kindly intimate
> us about action taken in this matter at the earliest.
>
>
>
> - --
> Thanks and Regards,
>
> CERT-In
>
> Incident Response Help Desk
> e-mail : incident at cert-in.org.in
> Phone : 1800-11-4949
> FAX : 1800-11-6969
> Web : http://www.cert-in.org.in
> PGP Fingerprint : 4A8F 0BA9 61B1 91D8 8708 7E61 42A4 4F23 2477 855F
> PGP Key information:
> http://www.cert-in.org.in/contact.htm
>
> Postal address:
> Indian Computer Emergency Response Team (CERT-In)
> Ministry of Electronics and Information Technology
> Government of India
> Electronics Niketan
> 6, C.G.O. Complex
> New Delhi-110 003
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: Encryption Desktop 10.3.2 (Build 21274) - not licensed for
> commercial use: www.pgp.com
> Charset: utf-8
>
> wsBVAwUBWEqBPUKkTyMkd4VfAQqHRggAiMY9bgAO4Sv5lmEy2IKOwtWKkPujyioW
> qilaSalZPPuRjMVVuV3U2HlHfaT7bSmZCemIMGhI2nkrvSMPZjsPXU18RF3Tno8d
> VSTusJnuBfU9H9ia+pj/Jwj9gHNf2gapzKpo7cx2OggHOTwmC1GwwJp+8l4ASWB6
> cXep9fbgIVxrlKjpxtLlJ7TvoP6VkJ55rB+kE154xz2gwgEij8O51AsGnweNRr2U
> 8+q4AfHJhSGosaRHv74A86MNw3jYf4NAphPW8Qfto637oxQlZi9p2YLs1YI/kROh
> JtElQ+W2pJLEmRvnz3c38S1uIKg3bTm//RoKarVqhoWKbc833l8Bew==
> =qL3f
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> npnog mailing list
> npnog at npnog.org
> https://lists.npnog.org/listinfo/npnog
>
More information about the npnog
mailing list