fergdawgster at mykolab.com
Tue Sep 24 00:11:03 UTC 2013
On 9/23/2013 5:01 PM, fire-eyes wrote:
> It's DNS reflection attack noise:
> This is a good blog for observing the domains and frequent correlation
> of items in whois and other traits that indicate much of this is done by
> the same actors.
Thanks for the pointer. :-)
> On 09/23/2013 12:55 PM, Christopher Hunt wrote:
>> Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
>> 75% of the traffic is for d6991.com. Does anyone else see this?
>> Who are
>> these folks (WEBNIC.CC)?
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
More information about the NANOG