Welcome to this blog.
Most of the content on this blog will be automatically published by some scripts I run at a set interval. These scripts analyse the output from a very low bandwidth Open DNS resolver that I run.
This open resolver is frequently 'abused' by cybercriminals to perform DNS amplification attacks.
You might wonder why I do this as I appear to be attacking random hosts on the internet.
Well first of all, it is very interesting to see what hosts get attacked.
Secondly observing the incomming spoofed traffic from the real attacker(s) reveals some information about the attack that the receiver cannot see.
Disclamer:
I AM NOT THE ATTACKER.
I AM NOT A CROOK.
I AM NOT A CYBERCRIMINAL.
I'm a good guy reporting evil!
Traffic originated from my resolver is very small and will be less than a drop compared to the traffic that is going your way as a result of the millions of open resolvers** on the net. Though if an attack lasts for too long and surpasses a certain threshold, I will automatically stop participating. This does not impact the stats shown on the blog.
Contact me if you like: smurfmonitor gmail com
See:
Check out the amplification for www.djcgrafix.netfirms.com and jerusalem.netfirms.com
ReplyDeleteWhere did you find those domains? I havn't seen them yet.
DeleteCan I email you?
DeleteI run a very large public DNS resolver and saw them in my security sweeps.
Sure can you follow me on twitter and PM me there?
DeleteI don't do 'the twitter'.
DeleteI think my sign up with your blog comments has an e-mail address for me.
Contact me at smurfmonitor [at] gmail [.] com
Deletethanks alot for this page, helped me very much
ReplyDeletepeace and love from germany
This comment has been removed by the author.
ReplyDeleteI got alot inform. thanks
ReplyDeleteI also interest like this phenomenon.
but, i have some question.
how to classification amplification url?
and it's possible we make amplification url?
if you know about this, plz tell me :)
have a nice day !
Thank you for helping me be a slightly more competent sysadmin.
ReplyDelete