Tuesday, December 3, 2013

Domain: nf3.pw

If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.

If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFFF=0x034e4633 && 0x2c&0xFFDFDFFF=0x02505700" -j DROP -m comment --comment "DROP DNS Q nf3.pw"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 48 --algo bm --hex-string '|036e663302707700|' -j DROP -m comment --comment "DROP DNS Q nf3.pw"

More iptables rules for the string module can be found here:


https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
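
Both matches above can be derived mechanically from the domain name. The following is an added example (not from the original post or the linked rule repository) that rebuilds the u32 and string arguments for nf3.pw and checks the u32 terms against a constructed query; it also handles names whose wire length is not a multiple of four. The function names are hypothetical, and it assumes a 20-byte IPv4 header without options, as the offsets in the rules above do.

```python
# Added example: assumes IPv4 without IP options, so the QNAME sits at byte 40.
QNAME_OFFSET = 20 + 8 + 12  # IPv4 header + UDP header + DNS header = 0x28


def wire_name(domain: str) -> bytes:
    """Encode a domain as DNS labels: length byte, label bytes, final 0x00."""
    out = bytearray()
    for label in domain.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    return bytes(out) + b"\x00"


def u32_terms(domain: str):
    """Yield (offset, mask, value) for each 4-byte word of the QNAME."""
    name = wire_name(domain)
    # 0xDF clears bit 5 so 'n' and 'N' compare equal; length bytes are at
    # most 63, below 'A' (0x41), so they always keep the full 0xFF mask.
    masks = bytes(0xDF if chr(b).isalpha() else 0xFF for b in name)
    for i in range(0, len(name), 4):
        pad = bytes(4 - len(name[i:i + 4]))  # mask out bytes past the name
        mask = int.from_bytes(masks[i:i + 4] + pad, "big")
        value = int.from_bytes(name[i:i + 4] + pad, "big") & mask
        yield QNAME_OFFSET + i, mask, value


def u32_match(domain: str) -> str:
    return " && ".join(f"0x{o:x}&0x{m:08X}=0x{v:08x}" for o, m, v in u32_terms(domain))


def string_match(domain: str) -> str:
    """Exact-byte match for the string module; bytes are compared as given."""
    name = wire_name(domain.lower())
    return (f"--from {QNAME_OFFSET} --to {QNAME_OFFSET + len(name)} "
            f"--algo bm --hex-string '|{name.hex()}|'")


def u32_hits(domain: str, packet: bytes) -> bool:
    """Apply the u32 terms to a raw packet; short packets never match."""
    return all(len(packet) >= o + 4 and (int.from_bytes(packet[o:o + 4], "big") & m) == v
               for o, m, v in u32_terms(domain))


def sample_query(qname: str) -> bytes:
    """Constructed packet: 40 zeroed header bytes, QNAME, QTYPE A, QCLASS IN."""
    return bytes(QNAME_OFFSET) + wire_name(qname) + b"\x00\x01\x00\x01"
```

Calling u32_match("nf3.pw") and string_match("nf3.pw") returns the arguments used in the two rules above. A mixed-case query such as NF3.pW satisfies the u32 terms because of the 0xDF masks, while the string pattern compares the bytes exactly as written.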

Source:


No IP source for this domain

Name server:


;; ANSWER SECTION:
nf3.pw. 900 IN NS ns1.ukraine.com.ua.
nf3.pw. 900 IN NS ns3.ukraine.com.ua.
nf3.pw. 900 IN NS ns2.ukraine.com.ua.


Response:


A 2
MX 2
NS 3
SOA 1
TXT 19
Rsize 5177


Whois


Domain ID:CNIC-DO1659398
Domain Name:NF3.PW
Created On:2013-11-29T21:45:16.0Z
Last Updated On:2013-11-29T21:45:17.0Z
Expiration Date:2014-11-29T23:59:59.0Z
Status:TRANSFER PROHIBITED
Status:ADD PERIOD
Registrant ID:H4522628
Registrant Name:Vasya Pupkin
Registrant Organization:Private Person
Registrant Street1:kfierikeoinoieno
Registrant City:oieoipoik
Registrant State/Province:chpikaepriekr
Registrant Postal Code:34346
Registrant Country:RU
Registrant Phone:+7.380507797565
Registrant Email:vasya-pupkin1122@rambler.ru
Admin ID:H4522631
Admin Name:Vasya Pupkin
Admin Organization:Private Person
Admin Street1:kfierikeoinoieno
Admin City:oieoipoik
Admin State/Province:chpikaepriekr
Admin Postal Code:34346
Admin Country:RU
Admin Phone:+7.380507797565
Admin Email:vasya-pupkin1122@rambler.ru
Tech ID:H4522634
Tech Name:Vasya Pupkin
Tech Organization:Private Person
Tech Street1:kfierikeoinoieno
Tech City:oieoipoik
Tech State/Province:chpikaepriekr
Tech Postal Code:34346
Tech Country:RU
Tech Phone:+7.380507797565
Tech Email:vasya-pupkin1122@rambler.ru
Billing ID:H4522637
Billing Name:Vasya Pupkin
Billing Organization:Private Person
Billing Street1:kfierikeoinoieno
Billing City:oieoipoik
Billing State/Province:chpikaepriekr
Billing Postal Code:34346
Billing Country:RU
Billing Phone:+7.380507797565
Billing Email:vasya-pupkin1122@rambler.ru
Sponsoring Registrar ID:H2440764
Sponsoring Registrar IANA ID:1606
Sponsoring Registrar Organization:Registrar of Domain Names REG.RU, LLC
Sponsoring Registrar Street1:Office 326, House 3 Vasily Petushkov Street
Sponsoring Registrar City:Moscow
Sponsoring Registrar Postal Code:125476
Sponsoring Registrar Country:RU
Sponsoring Registrar Phone:+74955801111
Sponsoring Registrar FAX:+74954915553
Sponsoring Registrar Website:http://www.reg.ru/
Name Server:NS1.UKRAINE.COM.UA
Name Server:NS2.UKRAINE.COM.UA
Name Server:NS3.UKRAINE.COM.UA
DNSSEC:Unsigned





1 comment:

  1. I admire the valuable information you offer in your articles.
