Possible DDoS Occurring Need Advice
From: Michael Reaves
Date: Thursday, October 11, 2001
Time: 1:47:20 pm

Hi Group,
As well as replying to the list, please reply to my private email - I
really need help.
Let's start from the premise that I wouldn't know what the logs of a
DDoS would look like - at best I am only speculating - so if someone
can confirm or deny what I'm seeing - I would GREATLY appreciate it.
In any event, I believe that we have come under some form of a DDoS attack.
Beginning this morning, our DNS servers have seen "Outstanding" at 200
and "Queries" at 6/sec.
The DNS logs show IPs that resolve from places all over and I'm not
even sure that I am reading the logs correctly:
U.S. Army Research Laboratory - 128.63.2.53
University of Maryland - 128.8.10.90
University of Southern California - 128.9.0.107
DOD Network Information Center - 192.112.36.4
NASA Ames Research Center - 192.203.230.10
BTW, I'm running QDNS Pro 3.0.1 on a Mac 7500 with OS 8.6.
Thanks in advance.
Michael Reaves
Hostmaster
--
Adimpleo/FirstNetSecurity
5500 Democracy Road, Suite 150
Plano, Texas 75024
Phone (972) 378-6900 ext 225 http://www.firstnetsecurity.com
Here's a short log excerpt (I have logs from 400K to 9 meg):
Oct 11 13:17:37 Lame delegation for "238.52.208.157.in-addr.arpa." from "144.228.254.10:53"
Oct 11 13:17:41 Lame delegation for "238.52.208.157.in-addr.arpa." from "206.228.179.10:53"
Oct 11 13:17:41 Lame delegation for "238.52.208.157.in-addr.arpa." from "144.228.254.10:53"
Oct 11 13:17:51 Lame delegation for "138.70.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:18:01 Lame delegation for "12.35.75.66.in-addr.arpa." from "24.30.200.3:53"
Oct 11 13:18:02 Lame delegation for "254.69.179.208.in-addr.arpa." from "192.33.14.32:53"
Oct 11 13:18:11 Lame delegation for "138.70.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:18:31 Lame delegation for "138.70.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:18:37 Lame delegation for "196.9.211.62.in-addr.arpa." from "193.0.0.193:53"
Oct 11 13:18:51 Lame delegation for "138.70.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:18:53 Lame delegation for "79.195.8.64.in-addr.arpa." from "192.12.94.32:53"
Oct 11 13:19:01 Lame delegation for "12.35.75.66.in-addr.arpa." from "24.30.200.3:53"
Oct 11 13:19:03 Lame delegation for "227.161.211.62.in-addr.arpa." from "193.0.0.193:53"
Oct 11 13:19:09 Lame delegation for "94.225.198.65.in-addr.arpa." from "192.12.94.32:53"
Oct 11 13:19:11 Lame delegation for "138.70.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:19:27 Dropping bogus reply from 24.93.35.32:53
Oct 11 13:20:01 Lame delegation for "12.35.75.66.in-addr.arpa." from "24.30.200.3:53"
Oct 11 13:21:12 Dropping bogus reply from 24.93.35.32:53
Oct 11 13:21:29 Lame delegation for "9.188.172.199.in-addr.arpa." from "198.6.1.65:53"
Oct 11 13:21:31 Lame delegation for "9.188.172.199.in-addr.arpa." from "198.6.1.65:53"
Oct 11 13:21:37 Lame delegation for "9.188.172.199.in-addr.arpa." from "198.6.1.65:53"
Oct 11 13:21:39 Lame delegation for "78.136.34.166.in-addr.arpa." from "192.35.51.32:53"
Oct 11 13:21:40 Lame delegation for "242.128/25.200.32.12.in-addr.arpa." from "12.127.16.70:53"
Oct 11 13:21:40 Lame delegation for "242.128/25.200.32.12.in-addr.arpa." from "199.191.128.106:53"
Oct 11 13:21:40 Lame delegation for "242.128/25.200.32.12.in-addr.arpa." from "12.127.16.70:53"
Oct 11 13:21:40 Lame delegation for "242.128/25.200.32.12.in-addr.arpa." from "199.191.128.106:53"
Oct 11 13:22:30 Dropping bogus reply from 207.69.200.210:53
Oct 11 13:22:50 Dropping bogus reply from 207.69.200.210:53
Oct 11 13:23:00 Lame delegation for "10.68.158.209.in-addr.arpa." from "141.151.0.68:53"
Oct 11 13:23:10 Dropping bogus reply from 207.69.200.210:53
Oct 11 13:56:27 Lame delegation for "8.69.177.142.in-addr.arpa." from "142.177.1.3:53"
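
An added example, not part of the original post and not QDNS Pro code: a triage script for a log in the format above. It rejoins mail-wrapped records, then tallies "Lame delegation" entries by zone and by answering server, tallies "Dropping bogus reply" sources, and gives the overall record rate. The function names, the year parameter (the log lines carry no year) and the sample data are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

TS = r'(\w{3} +\d+ \d\d:\d\d:\d\d)'
LAME = re.compile(TS + r' Lame delegation for "([^"]+)" from "([\d.]+):\d+"$')
BOGUS = re.compile(TS + r' Dropping bogus reply from ([\d.]+):\d+$')

# Constructed sample (documentation addresses), wrapped the way a mailed log is.
SAMPLE = '''Oct 11 13:17:37 Lame delegation for "7.2.0.192.in-addr.arpa."
from "198.51.100.10:53"
Oct 11 13:17:41 Lame delegation for "7.2.0.192.in-addr.arpa."
from "198.51.100.11:53"
Oct 11 13:18:37 Lame delegation for
"9.113.0.203.in-addr.arpa." from "198.51.100.10:53"
Oct 11 13:19:27 Dropping bogus reply from 203.0.113.32:53
Oct 11 13:21:37 Dropping bogus reply from 203.0.113.32:53
'''

def rejoin(text):
    """Undo line wrapping: a line without a leading timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(TS, line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text, year=2001):
    """Count records per reverse zone, per remote server and per bogus-reply source."""
    zones, servers, bogus, stamps = Counter(), Counter(), Counter(), []
    for rec in rejoin(text):
        m = LAME.match(rec)
        if m:
            zones[m.group(2)] += 1
            servers[m.group(3)] += 1
        else:
            m = BOGUS.match(rec)
            if not m:
                continue  # unrecognised record type, skip it
            bogus[m.group(2)] += 1
        stamps.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    minutes = max((max(stamps) - min(stamps)).total_seconds() / 60, 1) if stamps else 1
    return {"records": len(stamps), "per_minute": round(len(stamps) / minutes, 2),
            "lame_zones": zones.most_common(), "lame_servers": servers.most_common(),
            "bogus_sources": bogus.most_common()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A handful of zones or servers repeating at a steady few records per minute reads differently from thousands of distinct sources, which is the comparison the tallies make visible.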