nanog mailing list archives
Re: d6991.com traffic
From: fire-eyes <sgtphou () fire-eyes org>
Date: Mon, 23 Sep 2013 20:01:24 -0400
It's DNS reflection attack noise: http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.htmlThis is a good blog for observing the domains and frequent correlation of items in whois and other traits that indicate much of this is done by the same actors.
On 09/23/2013 12:55 PM, Christopher Hunt wrote:
Beginning about 0900UTC we began seeing about 50x our usual DNS traffic. 75% of the traffic is for d6991.com. Does anyone else see this? Who are these folks (WEBNIC.CC)? -chris
Current thread:
- d6991.com traffic Christopher Hunt (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)
- Re: d6991.com traffic Chris Hunt (Sep 23)
- Re: d6991.com traffic Dobbins, Roland (Sep 23)
- Re: d6991.com traffic Chris Adams (Sep 23)
- Re: d6991.com traffic Jared Mauch (Sep 23)
- Re: d6991.com traffic Chris Hunt (Sep 23)
- Re: d6991.com traffic Alain Hebert (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)
- RE: d6991.com traffic Meshier, Brent (Sep 23)
- Re: d6991.com traffic fire-eyes (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)