d6991.com traffic
Paul Ferguson
fergdawgster at mykolab.com
Tue Sep 24 00:11:03 UTC 2013
On 9/23/2013 5:01 PM, fire-eyes wrote:
> It's DNS reflection attack noise:
>
> http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.html
>
> This is a good blog for observing the domains and frequent correlation
> of items in whois and other traits that indicate much of this is done by
> the same actors.
>
Thanks for the pointer. :-)
- ferg
> On 09/23/2013 12:55 PM, Christopher Hunt wrote:
>> Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
>> 75% of the traffic is for d6991.com. Does anyone else see this?
>> Who are
>> these folks (WEBNIC.CC)?
>>
>> -chris
>>
>
>
>
>
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
More information about the NANOG
mailing list