Friday, January 24, 2014

Domain: x.xipzersscc.com

If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.

If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFFFDF=0x01580a58 && 0x2c&0xDFDFDFDF=0x49505a45 && 0x30&0xDFDFDFDF=0x52535343 && 0x34&0xDFFFDFDF=0x4303434f && 0x38&0xDFFF0000=0x4d000000" -j DROP -m comment --comment "DROP DNS Q x.xipzersscc.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 58 --algo bm --hex-string '|01780A7869707a65727373636303636f6d00|' -j DROP -m comment --comment "DROP DNS Q x.xipzersscc.com"
More iptables rules for the 'string' module can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
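
How the two rules above are derived from the query name, as an added example (not part of the original post or of the linked rule lists): the name is put into DNS wire format and expected at byte 40 of the packet, which assumes an IPv4 header without options (20 bytes) followed by the UDP (8) and DNS (12) headers. The function names and the sample packet are constructed for illustration; the 0xDF masks in the u32 rule ignore the case bit of each letter, while the hex-string compares exact bytes.

```python
QNAME_OFFSET = 20 + 8 + 12  # assumed: IPv4 header without options + UDP + DNS header

def qname_pairs(domain):
    """(byte, mask) pairs for the wire-format QNAME; letters ignore the case bit."""
    pairs = []
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        pairs.append((len(raw), 0xFF))              # length byte: exact match
        for b in raw:                               # letters: drop the 0x20 case bit
            pairs.append((b & 0xDF, 0xDF) if 0x41 <= (b & 0xDF) <= 0x5A else (b, 0xFF))
    pairs.append((0, 0xFF))                         # root label ends the name
    return pairs

def u32_expr(domain):
    """One masked 32-bit compare per 4 QNAME bytes, as in the u32 rule above."""
    pairs = qname_pairs(domain)
    pairs += [(0, 0)] * (-len(pairs) % 4)           # pad last word; mask 0 = ignore
    tests = []
    for i in range(0, len(pairs), 4):
        value = mask = 0
        for b, m in pairs[i:i + 4]:
            value, mask = value << 8 | b, mask << 8 | m
        tests.append("0x%x&0x%08X=0x%08x" % (QNAME_OFFSET + i, mask, value))
    return " && ".join(tests)

def wire(name):
    """DNS wire format, case preserved: length-prefixed labels plus the root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def string_args(domain):
    """(--from, --to, --hex-string) for the exact-byte string rule."""
    raw = wire(domain.lower())
    return QNAME_OFFSET, QNAME_OFFSET + len(raw), "|%s|" % raw.hex()

def u32_matches(expr, packet):
    """Evaluate a generated expression against raw IPv4 packet bytes."""
    for test in expr.split(" && "):
        left, value = test.split("=")
        offset, mask = (int(x, 16) for x in left.split("&"))
        word = int.from_bytes(packet[offset:offset + 4], "big")
        if len(packet) < offset + 4 or word & mask != int(value, 16):
            return False
    return True

def sample_query(name):
    """Constructed test packet: zeroed 40-byte headers, QNAME, QTYPE TXT, QCLASS IN."""
    return bytes(QNAME_OFFSET) + wire(name) + b"\x00\x10\x00\x01"
```

A mixed-case query such as X.XipZersScc.COM passes u32_matches() but does not contain the bytes of the hex-string, so the string rule as written only covers the lower-case spelling.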

Source:


93.174.93.83 -  Ecatel

Name server:

xipzersscc.com.         83259   IN      NS      dns1.xipzersscc.com.
xipzersscc.com.         83259   IN      NS      dns2.xipzersscc.com.

dns2.xipzersscc.com.    49168   IN      A       81.4.127.231 ~proserve
dns1.xipzersscc.com.    49174   IN      A       81.4.127.231 ~proserve

Response:


TXT 1
Rsize ??


Whois



The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: xipzersscc.com
Registry Domain ID: 1829670299_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2014-01-18T00:19:49Z
Creation Date: 2013-10-02T18:18:04Z
Registrar Registration Expiration Date: 2014-10-02T18:18:04Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: John Enhels
Registrant Organization:
Registrant Street: Enhelsa str.
Registrant City: Nikolayev
Registrant State/Province:
Registrant Postal Code: 54001
Registrant Country: UA
Registrant Phone: +380.631408690
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 9bc94a3beada01ccb905d70b6e04b536-1788120@contact.gandi.net
Registry Admin ID:
Admin Name: John Enhels
Admin Organization:
Admin Street: Enhelsa str.
Admin City: Nikolayev
Admin State/Province:
Admin Postal Code: 54001
Admin Country: UA
Admin Phone: +380.631408690
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 9bc94a3beada01ccb905d70b6e04b536-1788120@contact.gandi.net
Registry Tech ID:
Tech Name: John Enhels
Tech Organization:
Tech Street: Enhelsa str.
Tech City: Nikolayev
Tech State/Province:
Tech Postal Code: 54001
Tech Country: UA
Tech Phone: +380.631408690
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 9bc94a3beada01ccb905d70b6e04b536-1788120@contact.gandi.net
Name Server: DNS1.XIPZERSSCC.COM
Name Server: DNS2.XIPZERSSCC.COM
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-01-24T10:54:07Z <<<


