FAQ - README


Welcome to this blog. 

Most of the content on this blog will be automatically published by some scripts I run at a set interval. These scripts analyse the output from a very low bandwidth open DNS resolver that I run.

This open resolver is frequently 'abused' by cybercriminals to perform DNS amplification attacks.

You might wonder why I do this as I appear to be attacking random hosts on the internet.

Well, first of all, it is very interesting to see what hosts get attacked.
Secondly, observing the incoming spoofed traffic from the real attacker(s) reveals some information about the attack that the receiver cannot see.

Disclaimer:

I AM NOT THE ATTACKER.
I AM NOT A CROOK.
I AM NOT A CYBERCRIMINAL.
I'm a good guy reporting evil!

Traffic originated from my resolver is very small and will be less than a drop compared to the traffic that is going your way as a result of the millions of open resolvers** on the net. Though if an attack lasts for too long and surpasses a certain threshold, I will automatically stop participating. This does not impact the stats shown on the blog.

Contact me if you like: smurfmonitor gmail com

See:

10 comments:

  1. Check out the amplification for www.djcgrafix.netfirms.com and jerusalem.netfirms.com

    1. Where did you find those domains? I haven't seen them yet.

    2. Can I email you?

      I run a very large public DNS resolver and saw them in my security sweeps.

    3. Sure, can you follow me on twitter and PM me there?

    4. I don't do 'the twitter'.

      I think my sign up with your blog comments has an e-mail address for me.

    5. Contact me at smurfmonitor [at] gmail [.] com

  2. Thanks a lot for this page, helped me very much

    peace and love from germany

  3. This comment has been removed by the author.

  4. I got a lot of information, thanks.
    I am also interested in this phenomenon.

    But I have some questions.
    How to classify amplification URLs?
    And is it possible for us to make an amplification URL?

    If you know about this, please tell me :)

    have a nice day !

  5. Thank you for helping me be a slightly more competent sysadmin.
