Broadcast pings.


It is probably just someone 'smurfing', where they fudge the source ip of
the broadcast ping request. The actual source of the ICMP request is
probably entirely different than the nameserver you are seeing in your
logs....hence the difficulty(although not impossible) tracking these attacks.

I would imagine that this poor nameserver in question is also suffering from
the attack as well when all the pinged devices attempt to respond. You
probably have one or more folks using the same dummy address for the source.
This is the nature of the 'smurf' problem.

Check out:

This is a co-worker of mine that has put together some useful background and
tips addressing this issue.

Hope that helps.