d6991.com traffic

Paul Ferguson fergdawgster at mykolab.com
Tue Sep 24 00:11:03 UTC 2013


On 9/23/2013 5:01 PM, fire-eyes wrote:

> It's DNS reflection attack noise:
>
> http://dnsamplificationattacks.blogspot.com/2013/09/domain-d6991com.html
>
> This is a good blog for observing the domains and frequent correlation
> of items in whois and other traits that indicate much of this is done by
> the same actors.
>


Thanks for the pointer. :-)

- ferg


> On 09/23/2013 12:55 PM, Christopher Hunt wrote:
>> Beginning about 0900UTC we began seeing about 50x our usual DNS traffic.
>> 75% of the traffic is for d6991.com.  Does anyone else see this?
>> Who are these folks (WEBNIC.CC)?
>>
>> -chris


-- 
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
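
The symptom reported in this thread (roughly 50x normal query volume, with 75% of queries for a single domain) can be checked directly from a resolver's query log. The following is an added example, not part of the original messages: the BIND-style log format, the thresholds, the function names and the sample lines (documentation address ranges) are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# BIND-style querylog line; the exact format is an assumption of this example.
QUERY_RE = re.compile(r"client (?:@\S+ )?(\S+)#\d+ \(([^)]+)\): query: ")


def registered_domain(qname):
    """Naive last-two-labels reduction; a real deployment needs a public-suffix list."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def analyze(lines, baseline, volume_factor=10.0, share_limit=0.5):
    """Summarise one log interval against a baseline query count for the same span."""
    domains, clients = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        client, qname = m.groups()
        dom = registered_domain(qname)
        domains[dom] += 1
        clients[(dom, client)] += 1
    total = sum(domains.values())
    if total == 0:
        return None
    top, hits = domains.most_common(1)[0]
    ratio, share = total / baseline, hits / total
    sources = Counter({c: n for (d, c), n in clients.items() if d == top})
    return {
        "total": total,
        "volume_ratio": ratio,        # how many times the usual volume
        "top_domain": top,
        "top_share": share,           # fraction of all queries for top_domain
        "top_sources": sources.most_common(3),  # candidates for rate limiting
        "suspect": ratio >= volume_factor and share >= share_limit,
    }


def sample_log():
    """Constructed sample: 75 queries for d6991.com, 25 for other names."""
    fmt = "client {ip}#{port} ({q}): query: {q} IN {t} +E (203.0.113.53)"
    flood = [fmt.format(ip=f"198.51.100.{i % 3 + 1}", port=40000 + i, q="d6991.com", t="ANY")
             for i in range(75)]
    normal = [fmt.format(ip=f"192.0.2.{i + 1}", port=50000 + i, q=f"www.example{i % 5}.net", t="A")
              for i in range(25)]
    return flood + normal


if __name__ == "__main__":
    print(analyze(sample_log(), baseline=2))
```
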




More information about the NANOG mailing list