If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.
If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck.
IPtables:
There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.
U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06444152 && 0x2c&0xDFDFDFFF=0x4b595503 && 0x30&0xDFDFDFFF=0x4f524700" -j DROP -m comment --comment "DROP DNS Q darkyu.org"
More U32 rules can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt
String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 52 --algo bm --hex-string '|066461726b7975036f726700|' -j DROP -m comment --comment "DROP DNS Q darkyu.org"
More Iptables rules for the STRING module can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
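Both rules above match the wire-format QNAME of the query at byte offset 40 (0x28) from the start of the IP header. The following is an added example, not code from this page or from the linked repository: it rebuilds the two match expressions from a domain name. The function names are made up for illustration, the offset assumes a 20-byte IPv4 header without options, and masking only letters with 0xDF (digits and hyphens exactly) is this example's choice.

```python
DNS_QNAME_OFFSET = 40  # assumes 20-byte IPv4 header (no options) + 8 UDP + 12 DNS header


def qname_and_mask(domain):
    """Return (wire-format QNAME, per-byte mask) for a domain, lowercased."""
    wire, mask = bytearray(), bytearray()
    for label in domain.lower().rstrip(".").split("."):
        raw = label.encode("ascii")  # raises on non-ASCII names
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label in {domain!r}")
        wire.append(len(raw))
        mask.append(0xFF)  # length byte must match exactly
        wire += raw
        # 0xDF clears bit 0x20 so 'a' and 'A' compare equal; other bytes match exactly
        mask += bytes(0xDF if 0x61 <= c <= 0x7A else 0xFF for c in raw)
    wire.append(0)      # root label terminates the name
    mask.append(0xFF)
    return bytes(wire), bytes(mask)


def u32_expr(domain):
    """Build the --u32 expression: one masked 32-bit compare per 4 QNAME bytes."""
    wire, mask = qname_and_mask(domain)
    terms = []
    for i in range(0, len(wire), 4):
        # a zero mask ignores the bytes that follow the end of the name
        m = int.from_bytes(mask[i:i + 4].ljust(4, b"\x00"), "big")
        v = int.from_bytes(wire[i:i + 4].ljust(4, b"\x00"), "big") & m
        terms.append(f"0x{DNS_QNAME_OFFSET + i:x}&0x{m:08X}=0x{v:08x}")
    return " && ".join(terms)


def string_match(domain):
    """Build the string-module arguments covering exactly the QNAME bytes."""
    wire, _ = qname_and_mask(domain)
    end = DNS_QNAME_OFFSET + len(wire)
    return f"--from {DNS_QNAME_OFFSET} --to {end} --algo bm --hex-string '|{wire.hex()}|'"


if __name__ == "__main__":
    print(u32_expr("darkyu.org"))
    print(string_match("darkyu.org"))
```

The u32 form folds letter case through the 0xDF mask, while the string form compares exact bytes and so matches only the lowercase spelling of the name.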
Source:
No IP source for this domain
Name server:
darkyu.org. 86400 IN NS dns1.darkyu.org.
darkyu.org. 86400 IN NS dns2.darkyu.org.
Response:
TXT 12Rsize 3219
Whois
Domain ID:D164751413-LROR
Domain Name:DARKYU.ORG
Created On:18-Feb-2012 15:10:15 UTC
Last Updated On:27-Aug-2013 03:12:48 UTC
Expiration Date:18-Feb-2014 15:10:15 UTC
Sponsoring Registrar:Bizcn.com, Inc. (R1248-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:orgxd29577813738
Registrant Name:xl d
Registrant Organization:dxl dxl
Registrant Street1:beijing beijing
Registrant Street2:
Registrant Street3:
Registrant City:beijing
Registrant State/Province:beijing
Registrant Postal Code:100000
Registrant Country:CN
Registrant Phone:+86.11221122112
Registrant Phone Ext.:
Registrant FAX:+86.11221122112
Registrant FAX Ext.:
Registrant Email:583006337@qq.com
Admin ID:orgxd29577814866
Admin Name:xl d
Admin Organization:xl d
Admin Street1:beijing beijing
Admin Street2:
Admin Street3:
Admin City:beijing
Admin State/Province:beijing
Admin Postal Code:100000
Admin Country:CN
Admin Phone:+86.11221122112
Admin Phone Ext.:
Admin FAX:+86.11221122112
Admin FAX Ext.:
Admin Email:583006337@qq.com
Tech ID:orgxd29577815083
Tech Name:xl d
Tech Organization:xl d
Tech Street1:beijing beijing
Tech Street2:
Tech Street3:
Tech City:beijing
Tech State/Province:beijing
Tech Postal Code:100000
Tech Country:CN
Tech Phone:+86.11221122112
Tech Phone Ext.:
Tech FAX:+86.11221122112
Tech FAX Ext.:
Tech Email:583006337@qq.com
Name Server:DNS1.DARKYU.ORG
Name Server:DNS2.DARKYU.ORG
DNSSEC:Unsigned