This morning I noticed a large number of the following DNS queries:
These queries were arriving at a constant rate of 5000 per minute (83.33 per second). The source IP did not vary. I looked up the indicated source IP. The IP is assigned to Enzu Inc. The IP reverse lookup indicates that the IP resolves to rdns.scalabledns.com. Attempts to reach Scalable DNS reached a Web site that indicated “Updates coming shortly.”
This is clearly an attack directed against Scalable DNS. The attack was “primed” or tested at 6:57 PM CDT on Saturday, March 28th and began full force at 7:43 PM CDT. The attack is ongoing at the time of this post. If you run an open DNS service, you should drop or rate limit A and ANY queries for sunrisecx.com.
The image above shows the timeline of the attack.
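A sketch of the rate limit suggested above, as an added example that is not part of the original post: it parses the question section of a DNS query and applies a token bucket only to A and ANY queries for sunrisecx.com and its subdomains, then replays the reported 5000-per-minute rate. The 5-per-second allowance, the burst of 10, the single shared bucket, and all function names are assumptions for illustration.

```python
import struct

ZONE = "sunrisecx.com"     # domain named in the post
LIMITED_QTYPES = {1, 255}  # A and ANY
RATE, BURST = 5.0, 10.0    # assumed allowance (queries/second, bucket size)

def build_query(qname, qtype, txid=0x1234):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) of the first question, or None if malformed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            return None  # compression pointer or truncated label
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(packet):
        return None      # no room for terminator + QTYPE + QCLASS
    return ".".join(labels), struct.unpack("!H", packet[pos + 1:pos + 3])[0]

class QueryLimiter:
    """Token bucket applied only to A/ANY queries for ZONE and its subdomains."""
    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, None

    def allow(self, packet, now):
        q = parse_question(packet)
        if q is None:
            return True  # not this filter's job; let the server handle it
        qname, qtype = q
        if qtype not in LIMITED_QTYPES or not (qname == ZONE or qname.endswith("." + ZONE)):
            return True  # other names and record types pass untouched
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

def replay_flood(per_minute=5000, seconds=60):
    """Replay the constant rate reported in the post; return queries let through."""
    limiter, pkt = QueryLimiter(), build_query(ZONE, 255)
    return sum(limiter.allow(pkt, i * 60.0 / per_minute) for i in range(per_minute * seconds // 60))
```

With these assumed settings, roughly 310 of the 5000 queries in a minute are answered and the rest are dropped, while queries for other names and record types are unaffected.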