d6991.com traffic
fire-eyes
sgtphou at fire-eyes.org
Tue Sep 24 00:01:24 UTC 2013
It's DNS reflection attack noise:
http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.html
This is a good blog for observing the domains and frequent correlation
of items in whois and other traits that indicate much of this is done by
the same actors.
On 09/23/2013 12:55 PM, Christopher Hunt wrote:
> Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
> 75% of the traffic is for d6991.com. Does anyone else see this? Who are
> these folks (WEBNIC.CC)?
>
> -chris
>
More information about the NANOG
mailing list