d6991.com traffic

Meshier, Brent bmeshier at amherst.com
Mon Sep 23 17:11:04 UTC 2013


Could be DNS packet tunneling to China, bad news.

https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152


-----Original Message-----
From: Christopher Hunt [mailto:dharmachris at gmail.com]
Sent: Monday, September 23, 2013 11:55 AM
To: nanog at nanog.org
Subject: d6991.com traffic

Beginning about 0900 UTC we began seeing about 50x our usual DNS traffic. 75% of the traffic is for d6991.com. Does anyone else see this? Who are these folks (WEBNIC.CC)?

-chris
