On 17.8.2012 15.04, John Doe wrote: > Maybe it is this: > http://arstechnica.com/business/2012/03/how-anonymous-plans-to-use-dns-as-a-weapon/ Interesting idea. In that case the ip's in my logs would point to the targets of the attact. I checked a few of them, and they look more like hijacked victims, or ns query mediators like me. I don't see a common factor. ...icon.com (Ricoh, Japanese office machines) ...unum.com (employee insurances, I think) sexy-lingerie.uk.com mnet04-40.austin.datafoundry.com ...netmagicians.com ns1.p10.dynect.net www.macsales.com 66-226-73-103.dedicated.codero.net ns.rackspace.com ns1.clt.peak-10.com (their webpage: "We're rock solid"!) - Jussi