nanog mailing list archives
RE: DDOS-Guard [was: Parler]
From: Jean St-Laurent via NANOG <nanog () nanog org>
Date: Fri, 29 Jan 2021 15:12:28 -0500
This one ended up in Junk. I guess you pasted too much domain names with "Junk" behaviours. 😉 I removed the domain names from this reply. Interesting list though. Thanks for sharing. Any others got that in their junk? Jean St-Laurent CISSP #634103 ddosTest me security inc site: https://ddostest.me email: jean () ddostest me -----Original Message----- From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of Rich Kulawiec Sent: January 21, 2021 8:02 AM To: nanog () nanog org Subject: DDOS-Guard [was: Parler] About this network: On Sun, Jan 17, 2021 at 01:27:10PM -0800, William Herrin wrote: [snip]
inetnum: 190.115.16.0/20 status: allocated aut-num: AS262254 owner: DDOS-GUARD CORP. ownerid: BZ-DALT-LACNIC responsible: Evgeniy Marchenko address: 1/2Miles Northern Highway, --, -- address: -- - Belize - BZ
[snip] I've taken a look at this /20 and recommend either firewalling it (bidrectionally) or null-routing it. It's loaded with scammy domains, many of which are typosquatting on Hulu, Roku, Netgear, ATT, Facebook, Norton, AOL, HP, Canon, SBC, Epson, Bitdefender, Rand-McNally, Roadrunner, McAfee, Magellan, Office365, Tomtom, Garmin, Webroot, Brother, Belkin, Linksys, and probably some others that I overlooked while eyeballing the list. Appended below is a partial list of domains. All of these either (a) are using nameservers in that /20 or (b) have A records that resolve to that /20 or (c) both, as of when I checked this week. Notes: (1) this list is likely only a subset of what's actually there and (2) h/t to Brian Krebs for cataloging some of these in a blog post. ---rsk
Current thread:
- Re: Parler, (continued)
- Re: Parler William Herrin (Jan 13)
- Re: Parler Matt Corallo (Jan 13)
- RE: Parler Jerry Cloe (Jan 13)
- RE: Parler Jerry Cloe (Jan 13)
- Re: Parler Alain Hebert (Jan 14)
- Re: Parler Matt Erculiani (Jan 14)
- Re: Parler William Herrin (Jan 14)
- RE: Parler Matthias Merkel (Jan 14)
- DDOS-Guard [was: Parler] Rich Kulawiec (Jan 21)
- RE: DDOS-Guard [was: Parler] Jean St-Laurent via NANOG (Jan 29)
- Re: Parler Masataka Ohta (Jan 19)
- Re: Parler David Bass (Jan 10)
- Re: Parler Jim Mercer (Jan 10)
- Re: Parler K. Scott Helms (Jan 10)
- Re: Parler sronan (Jan 10)
- Re: Parler K. Scott Helms (Jan 10)
- Re: Parler mark seery (Jan 10)