Recently, we have detected a DDOS attack from 108.61.1xx.xxx:53.
Based on the source port number, this likely indicates an open DNS resolver on your network. Open resolvers are very commonly abused to conduct DDOS attacks. Please see http://openresolverproject.org/ or http://www.team-cymru.org/Services/Resolvers/ for more information.
We would ask that you either limit access to this resolver to prevent it from being abused, or implement one of the patches described on http://openresolverproject.org/ or http://www.team-cymru.org/Services/Resolvers/instructions.html . If you are not sure how to do this, we have some instructions available at http://abusereports.gameservers.com/#dns
You can confirm this host is vulnerable by running the following command:
dig example.com @108.61.1xx.xxx
If you see a valid response, this is proof that the machine is vulnerable and actively being used to conduct DDOS attacks. Please note that it's possible this machine has rate limits to help prevent abuse. We're unable to confirm if that's the case, but we can tell you with certainty this machine has been involved in an attack against us.
Our detection systems automatically merge duplicate log entries, however we have the following records:
[2014-12-15 11:52:36 GMT] IP 108.61.1xx.xxx:53 > 108.61.227.105:13134 UDP, length 132743168, packets 32768
If you have any questions about this report, please let us know: abusereports@gameservers.com
=========================================
The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:
https://abusix.com/global-reporting/abuse-contact-db
abusix.com is neither responsible nor liable for the content or accuracy of this message.

The user in question was still signed in to one of our public IPs he is apparently infected with malware. We have added a firewall rule to mitigate anymore potential damage caused by his infection and will contact him with a link to this ticket.

Also Read

DoS attack
Dear Provider, I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m...
Network attack received from an IP on your network
Hi, We have detected a network attack from an IP ( Redacted ) from your network, a computer...
New Jersey DMCA - True Detective S01E01 HDTV x264-KILLERS[ettv]
DATE:2014-04-11T00:45:32ZDear Sir/Madam,We are writing this message on behalf of HOME BOX OFFICE,...
Port Scanning / Compromised IP Complaint
> We have received the appended list of possibly compromised or> misconfigured> IP...
IDS Alert
our IDS found suspicious activity from 178.162.197.1, please investigate! The packets form a...