d6991.com traffic
Meshier, Brent
bmeshier at amherst.com
Mon Sep 23 17:11:04 UTC 2013
Could be DNS packet tunneling to China, bad news.
https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152
-----Original Message-----
From: Christopher Hunt [mailto:dharmachris at gmail.com]
Sent: Monday, September 23, 2013 11:55 AM
To: nanog at nanog.org
Subject: d6991.com traffic
Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
75% of the traffic is for d6991.com. Does anyone else see this? Who are these folks (WEBNIC.CC)?
-chris
--- Please refer to http://www.amherst.com/amherst-email-disclaimer/ for important disclosures regarding this electronic communication.
More information about the NANOG
mailing list