Saturday, November 9, 2013

Domain: siska1.com

If you are seeing queries for this domain, then you are likely being used as a reflector in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled for anyone who asks (an open resolver). You can confirm this by checking, from a host outside your network, whether your server answers recursive queries for names it is not authoritative for.

If you are seeing responses for this domain, unlucky: you are currently being DDoSed. Good luck.


Iptables:

There are two iptables rules available. If your distribution's iptables supports the 'u32' match module, use that one; otherwise use the 'string' rule.

Both rules look for the query name at a fixed offset of 40 bytes (20 byte IPv4 header + 8 byte UDP header + 12 byte DNS header), so they assume an IPv4 packet without IP options. The u32 rule matches the name case-insensitively (the 0xDF mask bytes clear the ASCII case bit), while the string rule as written only matches the lowercase bytes; if your iptables supports --icase on the string match, add it. Either rule only stops your server from answering this one name; the underlying problem is fixed by disabling recursion or restricting it to your own clients.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06534953 && 0x2c&0xDFDFFFFF=0x4b413103 && 0x30&0xDFDFDFFF=0x434f4d00" -j DROP -m comment --comment "DROP DNS Q siska1.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 52 --algo bm --hex-string '|067369736b613103636f6d00|' -j DROP -m comment --comment "DROP DNS Q siska1.com"

More iptables rules for the string module can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt

Source (the source address in the queries; in a reflection attack this is the spoofed address of the target, not of the attacker):

80.82.65.206 - AS29073 Ecatel Network

Name server:


;; ANSWER SECTION:
siska1.com. 9267 IN NS a.dns.gandi.net.
siska1.com. 9267 IN NS c.dns.gandi.net.
siska1.com. 9267 IN NS b.dns.gandi.net.


Response (records returned per type; Rsize is the size of the response in bytes):

A       258
MX        2
NS        3
SOA       1
Rsize  4294


Whois:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: SISKA1.COM
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Name Server: A.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: C.DNS.GANDI.NET
Status: clientTransferProhibited
Updated Date: 09-nov-2013
Creation Date: 09-nov-2013
Expiration Date: 09-nov-2014

>>> Last update of whois database: Sun, 10 Nov 2013 01:00:09 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.


The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: siska1.com
Registry Domain ID: 1834806056_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2013-11-10T00:38:25Z
Creation Date: 2013-11-09T17:00:29Z
Registrar Registration Expiration Date: 2014-11-09T16:00:29Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID:
Registrant Name: Kapa JOHNS
Registrant Organization:
Registrant Street: sherbakoskay 45/6
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 127027
Registrant Country: RU
Registrant Phone: +7.9257227864
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: purp.level@mail.ru
Registry Admin ID:
Admin Name: Kapa JOHNS
Admin Organization:
Admin Street: sherbakoskay 45/6
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 127027
Admin Country: RU
Admin Phone: +7.9257227864
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: purp.level@mail.ru
Registry Tech ID:
Tech Name: Kapa JOHNS
Tech Organization:
Tech Street: sherbakoskay 45/6
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 127027
Tech Country: RU
Tech Phone: +7.9257227864
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: purp.level@mail.ru
Name Server: A.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: C.DNS.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2013-11-10T01:27:38Z <<<

Reseller Email:
Reseller URL:

Personal data access and use are governed by French law, any use for
the purpose of unsolicited mass commercial advertising as well as any
mass or automated inquiries (for any intent other than the
registration or modification of a domain name) are strictly forbidden.
Copy of whole or part of our database without Gandi's endorsement is
strictly forbidden.
The owner of a domain is the person specified as "Registrant Name" for
a natural person and "Registrant Organization" for a legal person.
Domain ownership disputes should be settled using ICANN's Uniform
Dispute Resolution Policy: http://www.icann.org/en/help/dndr#udrp
