d6991.com traffic

• Previous message (by thread): d6991.com traffic
• Next message (by thread): d6991.com traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It's DNS reflection attack noise:

http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.html

This is a good blog for observing the domains and frequent correlation 
of items in whois and other traits that indicate much of this is done by 
the same actors.

On 09/23/2013 12:55 PM, Christopher Hunt wrote:
> Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
>   75% of the traffic is for d6991.com.  Does anyone else see this?  Who are
> these folks (WEBNIC.CC)?
>
> -chris
>

• Previous message (by thread): d6991.com traffic
• Next message (by thread): d6991.com traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]