Thursday, October 10, 2013

Domain: txt409.tekjeton.com

If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the Internet and has recursion enabled.

If you are seeing responses for this domain: unlucky. You are currently being DDoS-ed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06545854 && 0x2c=0x34303908 && 0x30&0xDFDFDFDF=0x54454b4a && 0x34&0xDFDFDFDF=0x45544f4e && 0x38&0xFFDFDFDF=0x03434f4d && 0x3c&0xFF000000=0x00000000" -j DROP -m comment --comment "DROP DNS Q txt409.tekjeton.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 61 --algo bm --hex-string '|067478743430390874656b6a65746f6e03636f6d00|' -j DROP -m comment --comment "DROP DNS Q txt409.tekjeton.com"

More iptables rules for the string module can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
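
How the offsets and masks in these two rules follow from the DNS wire format, as an added example (not code from this blog or from the linked repository). The function names are hypothetical, the packet is constructed, an IPv4 header without options is assumed so the QNAME starts at byte 40 (0x28), and `u32_matches` models only the `offset[&mask]=value` subset of u32 used here.

```python
QNAME_OFFSET = 20 + 8 + 12  # IPv4 header (no options) + UDP + DNS header = 0x28

def qname_wire(domain: str) -> bytes:
    """DNS wire form of a name: length-prefixed labels ending in the root label 0x00."""
    out = bytearray()
    for label in domain.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"

def u32_expr(domain: str) -> str:
    """One u32 term per 32-bit word of the QNAME, starting at QNAME_OFFSET."""
    wire, terms = qname_wire(domain), []
    for i in range(0, len(wire), 4):
        chunk = wire[i:i + 4]
        # Letters get mask 0xDF (clears the 0x20 case bit); length bytes,
        # digits and '-' are compared exactly with mask 0xFF.
        mask = bytes(0xDF if 0x41 <= (b & 0xDF) <= 0x5A else 0xFF for b in chunk)
        value = bytes(b & m for b, m in zip(chunk, mask))
        m = int.from_bytes(mask.ljust(4, b"\0"), "big")  # short last word: zero-pad
        v = int.from_bytes(value.ljust(4, b"\0"), "big")
        loc = f"0x{QNAME_OFFSET + i:02x}" + ("" if m == 0xFFFFFFFF else f"&0x{m:08X}")
        terms.append(f"{loc}=0x{v:08x}")
    return " && ".join(terms)

def string_args(domain: str) -> tuple:
    """(--from, --to, --hex-string) values for the case-sensitive 'string' match."""
    wire = qname_wire(domain)
    return QNAME_OFFSET, QNAME_OFFSET + len(wire), f"|{wire.hex()}|"

def u32_matches(expr: str, packet: bytes) -> bool:
    """Evaluate 'offset[&mask]=value' terms joined by && against raw IPv4 bytes."""
    for term in expr.split(" && "):
        loc, value = term.split("=")
        off, _, mask = loc.partition("&")
        word = packet[int(off, 16):int(off, 16) + 4]
        if len(word) < 4 or (int.from_bytes(word, "big") & int(mask or "0xFFFFFFFF", 16)) != int(value, 16):
            return False
    return True

def sample_query(name: str) -> bytes:
    """Constructed packet: dummy IPv4 (20) + UDP (8) + DNS header (12), QNAME, QTYPE, QCLASS."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"
    return b"\x45" + bytes(19) + bytes(8) + bytes(12) + qname + b"\x00\x01\x00\x01"

if __name__ == "__main__":
    print(u32_expr("txt409.tekjeton.com"), string_args("txt409.tekjeton.com"), sep="\n")
```

The u32 terms mask the 0x20 bit of every letter, so a query sent with mixed-case letters still matches; the string pattern is compared byte for byte and only matches the lowercase form.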

Source:


217.74.255.150

Name server:

tekjeton.com.           86379   IN      NS      linux2.patikayapim.com.
tekjeton.com.           86379   IN      NS      linux1.patikayapim.com.

;; ADDITIONAL SECTION:
linux2.patikayapim.com. 86379   IN      A       85.159.68.59
linux1.patikayapim.com. 86379   IN      A       85.159.68.58

Response:


Rsize 98


Whois



Domain Name: TEKJETON.COM
Registrar URL: http://www.godaddy.com
Updated Date: 2013-03-21 13:29:23
Creation Date: 2010-06-03 12:19:30
Registrar Expiration Date: 2014-06-03 12:19:30
Registrar: GoDaddy.com, LLC
Registrant Name: Burak Aydogan
Registrant Organization:
Registrant Street: Besiktas
Registrant City: Istanbul
Registrant State/Province: Marmara
Registrant Postal Code: 34050
Registrant Country: Turkey
Admin Name: Burak Aydogan
Admin Organization:
Admin Street: Besiktas
Admin City: Istanbul
Admin State/Province: Marmara
Admin Postal Code: 34050
Admin Country: Turkey
Admin Phone: 00905322425631
Admin Fax:
Admin Email: arteleon@gmail.com
Tech Name: Burak Aydogan
Tech Organization:
Tech Street: Besiktas
Tech City: Istanbul
Tech State/Province: Marmara
Tech Postal Code: 34050
Tech Country: Turkey
Tech Phone: 00905322425631
Tech Fax:
Tech Email: arteleon@gmail.com
Name Server: LINUX1.PATIKAYAPIM.COM
Name Server: LINUX2.PATIKAYAPIM.COM



