Comments on DNS Amplification Attacks Observer: Domain: mydnsscan.us
Feed author: dnsamplificationattacks
Feed updated: 2022-10-26T06:35:08.831-07:00

dnsamplificationattacks (2013-09-02T05:48:47.810-07:00):
Hi calu, thanks for the pcap.
I will look further into this, but you have been hit by at least two types of attacks. I the majority is a Chargen attack and also some traffic related to DNS amplification.

calu (2013-09-01T17:37:30.082-07:00):
I am being hit by a very big and distributed UDP and all I see on .cap is anonsc.com
.cap file:
www.helbreathnemesis.com/downloads/11.rar

Cytrex (2013-07-07T13:36:17.219-07:00):
I mean IPs.

This connection ran a DNS server until the other day, I closed it down and I'm now dropping inbound packets on port 53. Firewall is still getting hit hard, but is no longer replying.

By 3 different addresses I mean that I have 3 unique IPs sending hundreds of thousands of DNS queries for mydnsscan.us or 1rip.com at one point in time.

dnsamplificationattacks (2013-07-06T13:57:27.779-07:00):
'sometimes getting hit by 3 different address out there at the same time'

Do you mean IPs or Domains?

If it is IPs then perhaps you are actually running a DNS server on that line.

Cytrex (2013-07-06T11:48:20.788-07:00):
My backdoor connection to my place of work is getting DoS'ed pretty much with UDP DNS queries for A Record mydnsscan.us and A Record 1rip.com. My backdoor connection isn't too great but this traffic is managing to cause many more connection problems. Really annoying :( I am sometimes getting hit by 3 different addresses out there at the same time.

dnsamplificationattacks (2013-07-03T16:28:23.459-07:00):
This is true, but I also base it on the fact that a couple of these domains use(d) the same Name Server IPs and initial first request often came from the same IP ranges or even the same hosts.
Got any more information to share on the internet.bs registrar?

archipelagian (2013-07-02T15:52:52.463-07:00):
The fact that all of these domains are registered with Internet.bs is more due to its status as a safe harbor to domains used by spammers, malware peddlers, phishers, and other scum. They are almost completely unresponsive to abuse reports and every lowlife knows this, which is why you see all of these domains registered there. It's not necessarily indicative of the same person or group being behind these domains.