
discuss - [opennic-discuss] Fwd: Re: d6991.com traffic

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

  • From: staticsafe <me AT staticsafe.ca>
  • To: discuss AT lists.opennicproject.org
  • Subject: [opennic-discuss] Fwd: Re: d6991.com traffic
  • Date: Mon, 23 Sep 2013 20:15:04 -0400

FYI, you folks may find the blog linked helpful.


-------- Original Message --------
Subject: Re: d6991.com traffic
Date: Mon, 23 Sep 2013 20:01:24 -0400
From: fire-eyes <sgtphou AT fire-eyes.org>
To: nanog AT nanog.org

It's DNS reflection attack noise:

http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.html

This is a good blog for observing the domains and frequent correlation
of items in whois and other traits that indicate much of this is done by
the same actors.

On 09/23/2013 12:55 PM, Christopher Hunt wrote:
Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
75% of the traffic is for d6991.com. Does anyone else see this? Who are
these folks (WEBNIC.CC)?

-chris
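
An added example, not part of the original thread: one way to confirm from resolver logs the pattern described above, where a single domain accounts for most of a sudden query spike. It assumes BIND 9 style query-log lines; the function names, threshold values and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: BIND 9 querylog lines; adjust the regex for other resolvers.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample lines (not captured traffic): 6 of 8 queries are for d6991.com.
SAMPLE_LOG = """\
23-Sep-2013 09:00:01.101 client 192.0.2.10#53124 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
23-Sep-2013 09:00:01.102 client 192.0.2.10#40211 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
23-Sep-2013 09:00:01.105 client 192.0.2.11#18830 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
23-Sep-2013 09:00:01.110 client 203.0.113.5#50001 (www.example.org): query: www.example.org IN A + (198.51.100.1)
23-Sep-2013 09:00:01.113 client 192.0.2.12#61200 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
23-Sep-2013 09:00:01.117 client 192.0.2.11#27719 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
23-Sep-2013 09:00:01.120 client 203.0.113.9#50002 (mail.example.net): query: mail.example.net IN MX + (198.51.100.1)
23-Sep-2013 09:00:01.124 client 192.0.2.10#33950 (d6991.com): query: d6991.com IN ANY +E (198.51.100.1)
"""

def base_domain(qname):
    """Naive last-two-labels grouping (assumption); use a public-suffix list in production."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def dominant_domains(log_text, share_threshold=0.5, min_queries=5):
    """Return [(domain, share, distinct_clients, qtype_counts)] for domains at or
    above share_threshold. In reflection traffic the client IPs are usually spoofed."""
    per_domain = Counter()
    clients = defaultdict(set)
    qtypes = defaultdict(Counter)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip non-query or malformed lines
        d = base_domain(m["name"])
        per_domain[d] += 1
        clients[d].add(m["ip"])
        qtypes[d][m["qtype"]] += 1
    total = sum(per_domain.values())
    flagged = []
    for d, n in per_domain.most_common():
        if n >= min_queries and n / total >= share_threshold:
            flagged.append((d, n / total, len(clients[d]), dict(qtypes[d])))
    return flagged

if __name__ == "__main__":
    for row in dominant_domains(SAMPLE_LOG):
        print(row)
```
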