Domain registered at Gandi.net
"query: theswat.net IN A +E"
Returns:
The query returns about 242 A records in the 204.46.43.x range.
Name servers:
Nameservers are the same as for DirectedAt.Asia
ns2.theswat.net. 84052 IN A 74.91.18.226
ns1.theswat.net. 84052 IN A 74.91.18.226
Whois
domain: theswat.net
reg_created: 2013-01-18 15:32:20
expires: 2014-01-18 15:32:20
created: 2013-01-18 16:32:21
changed: 2013-07-05 04:59:43
transfer-prohibited: yes
ns0: ns1.theswat.net 74.91.18.226
owner-c:
nic-hdl: JK2889-GANDI
owner-name: Julius Kivimäki
organisation: ~
person: Julius Kivimäki
address: Urho Kekkosen katu 1
zipcode: 00100
city: Helsinki
country: Canada
phone: +358.207710710
fax: ~
email:
lastupdated: 2013-02-16 11:32:57
admin-c:
nic-hdl: JK2889-GANDI
owner-name: Julius Kivimäki
organisation: ~
person: Julius Kivimäki
address: Urho Kekkosen katu 1
zipcode: 00100
city: Helsinki
country: Canada
phone: +358.207710710
fax: ~
email:
lastupdated: 2013-02-16 11:32:57
tech-c:
nic-hdl: JK2889-GANDI
owner-name: Julius Kivimäki
organisation: ~
person: Julius Kivimäki
address: Urho Kekkosen katu 1
zipcode: 00100
city: Helsinki
country: Canada
phone: +358.207710710
fax: ~
email:
lastupdated: 2013-02-16 11:32:57
bill-c:
nic-hdl: JK2889-GANDI
owner-name: Julius Kivimäki
organisation: ~
person: Julius Kivimäki
address: Urho Kekkosen katu 1
zipcode: 00100
city: Helsinki
country: Canada
phone: +358.207710710
fax: ~
email:
lastupdated: 2013-02-16 11:32:57
Source:
Domain was requested from IP:
93.174.93.175 AS29073 Ecatel Network
I've previously seen this IP request 1rip.com 4 times throughout July as well as Ddos.cat.
Regarding disabling all the bind error logging for recursive queries such as
query (cache) 'theswat.net/ANY/IN' denied
The below in /etc/named.conf redirects these to /var/named/data/named.security
with a total size limit of 15mbytes of rolling over logs.
Note that category security is only “Approval and denial of requests.”
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    // Redirect all of those 'denied' logs for non-existing domains or external ones (we are 'recursion no;')
    // logs to /var/named/data/named.security, up to 3 files of 5mbytes each
    // independent hack_detect processes can then scan for flooders and known abusers and block their IPs
    channel hd_security {
        file "data/named.security" versions 3 size 5m;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category security { hd_security; };
};
Good tip. My server is responding though ;) I'm using a custom logging script that listens on the interface. Giving me the information that I want.
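Added example, not part of the original post or its comments: a Python scanner for the named.security file that the logging configuration above produces, tallying 'denied' lines per client and reporting the most-requested name and type. The function name summarize, the threshold, and the sample log lines (using documentation IP addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout the hd_security channel writes
# (print-time, print-category and print-severity enabled). IPs are
# documentation addresses, not observed traffic.
SAMPLE_LOG = """\
05-Aug-2013 10:15:01.101 security: info: client 203.0.113.5#40211: query (cache) 'theswat.net/ANY/IN' denied
05-Aug-2013 10:15:01.140 security: info: client 203.0.113.5#40212: query (cache) 'theswat.net/ANY/IN' denied
05-Aug-2013 10:15:01.187 security: info: client 203.0.113.5#40213: query (cache) 'TheSwat.net/A/IN' denied
05-Aug-2013 10:15:02.003 security: info: client 198.51.100.7#5353: query (cache) 'example.org/A/IN' denied
05-Aug-2013 10:15:02.410 security: info: client @0x7f3a1c0 203.0.113.5#40214 (theswat.net): query (cache) 'theswat.net/ANY/IN' denied
05-Aug-2013 10:15:03.000 general: info: zone example.org/IN: loaded serial 2013080501
"""

# Newer BIND releases add a client object pointer before the address and
# the query name in parentheses after the port; both parts are optional here.
DENIED = re.compile(
    r"security: \w+: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)

def summarize(lines, threshold=3):
    """Return [(client_ip, denied_count, (top_name, top_qtype)), ...]
    for clients with at least `threshold` denied queries, busiest first."""
    per_client = Counter()
    wanted = defaultdict(Counter)
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # other categories or unrelated security messages
        ip = m["ip"]
        per_client[ip] += 1
        wanted[ip][(m["name"].lower(), m["qtype"])] += 1
    return [(ip, n, wanted[ip].most_common(1)[0][0])
            for ip, n in per_client.most_common() if n >= threshold]

# Caveat: these queries arrive over UDP, so the logged client address is
# usually the spoofed victim of the reflection, not the party sending it.
# Treat a hit as "traffic aimed at this IP", e.g. for rate limiting.
if __name__ == "__main__":
    for ip, count, (name, qtype) in summarize(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {count} denied, mostly {name}/{qtype}")
```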