Tuesday, November 19, 2013

Domain: x.privetrc.com

If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.

If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFFFDF=0x01580850 && 0x2c&0xDFDFDFDF=0x52495645 && 0x30&0xDFDFDFFF=0x54524303 && 0x34&0xDFDFDFFF=0x434f4d00" -j DROP -m comment --comment "DROP DNS Q x.privetrc.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 56 --algo bm --hex-string '|017808707269766574726303636f6d00|' -j DROP -m comment --comment "DROP DNS Q x.privetrc.com"

More iptables rules for the STRING module can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
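To show how the two rules above are derived from the domain name, here is an added example (not code from this page or from the smurfmonitor repository). It encodes a name in DNS wire format, generates the matching 'string' hex pattern and the case-insensitive 'u32' tests (0xDF masks clear the ASCII case bit on letters), and evaluates the u32 expression against a constructed query packet the way xt_u32 does. Both rules, like the originals, assume a 20-byte IPv4 header with no options, so the question name starts at byte 40. The evaluator is a simplified model that only understands the `off&mask=value` form joined with `&&`, not the full u32 grammar; the packet builder is a constructed sample with zeroed addresses and checksums.

```python
# Added example: derive the iptables 'string' and 'u32' DNS-query matches
# for a domain name and check them against a constructed query packet.
import struct

IP_HDR = 20     # IPv4 header without options (assumption shared by both rules)
UDP_HDR = 8
DNS_HDR = 12
QNAME_OFFSET = IP_HDR + UDP_HDR + DNS_HDR   # 40: first byte of the question name

# The two rules exactly as they appear on this page, for comparison.
PAGE_U32 = ("0x28&0xFFDFFFDF=0x01580850 && 0x2c&0xDFDFDFDF=0x52495645 && "
            "0x30&0xDFDFDFFF=0x54524303 && 0x34&0xDFDFDFFF=0x434f4d00")
PAGE_HEX = "017808707269766574726303636f6d00"


def encode_qname(domain: str) -> bytes:
    """DNS wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def string_rule(domain: str) -> str:
    """'string' module rule: match the raw qname bytes at offsets 40..40+len."""
    qname = encode_qname(domain)
    return (f"iptables --insert INPUT -p udp --dport 53 -m string "
            f"--from {QNAME_OFFSET} --to {QNAME_OFFSET + len(qname)} --algo bm "
            f"--hex-string '|{qname.hex()}|' -j DROP "
            f"-m comment --comment \"DROP DNS Q {domain}\"")


def u32_words(domain: str) -> list:
    """One 'off&mask=value' test per 4-byte word of the qname.

    Letters get mask 0xDF so the test is case-insensitive (DNS names are);
    length bytes, digits, hyphens and the terminator get 0xFF. If the qname
    is not a multiple of 4 bytes, the trailing bytes of the last word belong
    to QTYPE/QCLASS and are masked out with 0x00.
    """
    qname = encode_qname(domain)
    masks = bytearray(0xDF if chr(b).isalpha() else 0xFF for b in qname)
    pad = (-len(qname)) % 4
    data = qname + b"\x00" * pad
    masks += b"\x00" * pad
    words = []
    for i in range(0, len(data), 4):
        mask = int.from_bytes(masks[i:i + 4], "big")
        value = int.from_bytes(data[i:i + 4], "big") & mask
        words.append(f"0x{QNAME_OFFSET + i:x}&0x{mask:08X}=0x{value:08x}")
    return words


def u32_rule(domain: str) -> str:
    return " && ".join(u32_words(domain))


def u32_match(packet: bytes, expr: str) -> bool:
    """Evaluate a '&&'-joined list of off&mask=value tests (offsets from the IP header)."""
    for test in expr.split(" && "):
        lhs, value = test.split("=")
        off, mask = lhs.split("&")
        off, mask, value = int(off, 16), int(mask, 16), int(value, 16)
        if off + 4 > len(packet):          # xt_u32 fails if the word is not in the packet
            return False
        if int.from_bytes(packet[off:off + 4], "big") & mask != value:
            return False
    return True


def build_query(domain: str, qtype: int = 16, txid: int = 0x1234) -> bytes:
    """Constructed sample: IPv4 + UDP + DNS query with one question (default TXT).

    Addresses and checksums are zero; only the layout matters for the match.
    """
    qname = encode_qname(domain)
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!HHHH", 40000, 53, UDP_HDR + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + UDP_HDR + len(dns),
                     0, 0, 64, 17, 0, bytes(4), bytes(4))
    return ip + udp + dns


if __name__ == "__main__":
    print(string_rule("x.privetrc.com"))
    print(u32_rule("x.privetrc.com"))
    print("u32 rule matches page:", u32_rule("x.privetrc.com") == PAGE_U32)
    print("mixed-case query matches:", u32_match(build_query("X.PrivetRC.COM"), PAGE_U32))
```

Running it reproduces the two rules from this page byte for byte, and the mixed-case check shows why the 0xDF masks matter: a query for `X.PrivetRC.COM` is the same question to a resolver, so the filter has to ignore case too.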

Source:


Unknown

Name server:

privetrc.com. 84009 IN NS ns2.privetrc.com.
privetrc.com. 84009 IN NS ns1.privetrc.com.

;; ADDITIONAL SECTION:
ns1.privetrc.com. 602409 IN A 199.217.118.89
ns2.privetrc.com. 602409 IN A 199.217.118.89


Response:


TXT 1
Rsize


Whois


Domain Name: privetrc.com
Registry Domain ID: 1835437025_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2013-11-18T11:44:24Z
Creation Date: 2013-11-14T16:30:28Z
Registrar Registration Expiration Date: 2014-11-14T15:30:28Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: 
Domain Status: clientTransferProhibited
Domain Status: 
Domain Status: 
Domain Status: 
Domain Status: 
Registry Registrant ID: 
Registrant Name: Nikolay GERASIMOV
Registrant Organization: 
Registrant Street: Gandi, 63-65 boulevard Massena
Registrant City: (Gandi) Paris
Registrant State/Province: 
Registrant Postal Code: (Gandi) 75013
Registrant Country: (Gandi) FR
Registrant Phone: (Gandi) +33.170377666
Registrant Phone Ext:
Registrant Fax: (Gandi) +33.143730576
Registrant Fax Ext:
Registrant Email: 6f58ac296b52288bf0e92962cc0f4ab3-1810439@contact.gandi.net
Registry Admin ID: 
Admin Name: Nikolay GERASIMOV
Admin Organization: 
Admin Street: Gandi, 63-65 boulevard Massena
Admin City: (Gandi) Paris
Admin State/Province: 
Admin Postal Code: (Gandi) 75013
Admin Country: (Gandi) FR
Admin Phone: (Gandi) +33.170377666
Admin Phone Ext:
Admin Fax: (Gandi) +33.143730576
Admin Fax Ext:
Admin Email: 6f58ac296b52288bf0e92962cc0f4ab3-1810439@contact.gandi.net
Registry Tech ID: 
Tech Name: Nikolay GERASIMOV
Tech Organization: 
Tech Street: Gandi, 63-65 boulevard Massena
Tech City: (Gandi) Paris
Tech State/Province: 
Tech Postal Code: (Gandi) 75013
Tech Country: (Gandi) FR
Tech Phone: (Gandi) +33.170377666
Tech Phone Ext:
Tech Fax: (Gandi) +33.143730576
Tech Fax Ext:
Tech Email: 6f58ac296b52288bf0e92962cc0f4ab3-1810439@contact.gandi.net
Name Server: NS1.PRIVETRC.COM
Name Server: NS2.PRIVETRC.COM
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
DNSSEC: Unsigned



