Service Report
Global UDP/53 (domain)
-
Top Attacks (past 24 hours)
Key Description Attacks per subnet Change from yesterday CVE Percentage DNS named version attempt 0.02 +58.1 % 
99.1%DNS Windows NAT helper components udp denial of service attempt 0.00 +100.0 %
CVE-2006-5614 0.9%Other 0.00 N/A 0.0% -
Sources (past 24 hours)
By Country
Key Country 
Bytes per subnet Percentage 
US (United States)6.46 kB 33.0%
CN (China)3.58 kB 18.3%
ZA (South Africa)3.19 kB 16.3%
AT (Austria)1.96 kB 10.0%
BE (Belgium)841.17 B 4.3%
PL (Poland)591.77 B 3.0%
AU (Australia)442.90 B 2.3%
DO (Dominican Republic)397.75 B 2.0%
CY (Cyprus)382.37 B 2.0%
JP (Japan)208.36 B 1.1%Other 1.54 kB 7.9%By ASN
Key ASN Bytes per subnet Percentage AS3561 (SAVVIS) 3.69 kB 18.8%AS4134 (CHINANET-BACKBONE) 3.50 kB 17.9%AS3741 (IS) 2.17 kB 11.1%AS3248 (SIL-AT) 1.96 kB 10.0%AS5432 (BELGACOM-SKYNET-AS) 825.52 B 4.2%AS5713 (SAIX-NET) 823.93 B 4.2%AS20938 (RETSAT) 580.81 B 3.0%AS26415 (VERISIGN-INC) 430.82 B 2.2%AS6400 (Unknown) 397.59 B 2.0%AS35432 (WAVESPEED-AS) 379.45 B 1.9%Other 4.84 kB 24.7%By Host
Key Host Bytes per subnet Percentage 72.21.39.10 (ramone.iw2.com.br) 3.69 kB 18.8%86.59.118.117 1.96 kB 10.0%116.7.87.199 694.68 B 3.5%195.13.38.2 (elf.retsat1.com.pl) 580.24 B 3.0%58.60.42.76 530.63 B 2.7%219.128.23.110 451.14 B 2.3%192.58.128.30 (j.root-servers.net) 430.82 B 2.2%41.247.149.249 421.62 B 2.2%58.61.185.133 411.88 B 2.1%196.209.167.87 (196-209-167-87-wbs-esr-4.dynamic.isadsl.co.za) 404.53 B 2.1%Other 10.02 kB 51.2%By Country
Key Country Attacks per subnet Percentage US (United States)0.01 32.4%
TW (Taiwan)0.01 30.5%
FR (France)0.00 15.0%
BR (Brazil)0.00 10.8%
NL (Netherlands)0.00 5.2%
SA (Saudi Arabia)0.00 3.8%
IL (Israel)0.00 0.9%
KE (Kenya)0.00 0.9% CN (China)0.00 0.5%Other 0.00 0.0%By ASN
Key ASN Attacks per subnet Percentage AS20141 (QUALITYTECH-SUW-300) 0.01 31.9%AS3462 (HINET) 0.01 30.5%AS3215 (AS3215) 0.00 14.5%AS7738 (Telecomunicacoes) 0.00 10.8%AS6830 (UPC) 0.00 5.2%AS25019 (SAUDINETSTC-AS) 0.00 3.8%AS1680 (NetVision) 0.00 0.9%AS33770 (KDN) 0.00 0.9%AS12322 (PROXAD) 0.00 0.5%AS4134 (CHINANET-BACKBONE) 0.00 0.5%Other 0.00 0.5%By Host
Key Host Attacks per subnet Percentage 209.192.55.3 0.01 31.9%193.252.11.37 (LPuteaux-151-43-33-37.w193-252.abo.wanadoo.fr) 0.00 14.5%189.25.9.183 0.00 10.8%61.230.202.104 0.00 8.9%61.230.203.29 0.00 8.0%61.230.204.112 0.00 7.0%61.230.199.37 0.00 6.6%62.163.215.74 0.00 5.2%77.31.1.188 0.00 3.8%89.138.252.192 0.00 0.9%Other 0.00 2.3%
Background
| Vendors: | ISC, Red Hat, Debian, Microsoft |
Vulnerabilities
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability." |
|||
CVE-2007-2926
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. |
|||
CVE-2006-5614
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. |
|||
CVE-2001-0010
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. |
|||
CVE-1999-0009
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
|||
CVE-1999-0532
A DNS server allows zone transfers. |
-
430 Bedford Street Lexington, MA 02420
T 781.684.0900 | 866.212.7267 F 781.768.3299
Copyright © 2006-2008 Arbor Networks, Inc., All rights reserved.
About ATLAS | Terms of Use | Legal Notice | Privacy Policy