If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.
If you are seeing responses for this domain: unlucky. You are currently being DDoSed! Good luck.
IPtables:
There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.
U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x094c5243 && 0x2c&0xFFDFDFDF=0x2d504950 && 0x30&0xDFDFFFDF=0x45430343 && 0x34&0xDFDFFF00=0x4f4d0000" -j DROP -m comment --comment "DROP DNS Q lrc-pipec.com"
More U32 rules can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt
String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 55 --algo bm --hex-string '|096c72632d706970656303636f6d00|' -j DROP -m comment --comment "DROP DNS Q lrc-pipec.com"
More Iptables rules for the STRING module can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
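To show how the two rules above are derived from the domain name, here is an added example (not part of the original post or the linked repository) that rebuilds both match expressions from a wire-format QNAME; it generalises the lrc-pipec.com rules to any domain and assumes the same packet layout those rules rely on (20-byte IPv4 header without options, 8-byte UDP header, 12-byte DNS header, so the question name starts at byte 40).

```python
# Added example: generate iptables 'u32' and 'string' match arguments that
# drop UDP/53 queries for a given domain, generalising the rules on this page.
# Assumption: IPv4 header without options (20) + UDP (8) + DNS header (12),
# so the QNAME begins at offset 40, as in the page's own rules.
QNAME_OFFSET = 20 + 8 + 12


def wire_name(domain: str) -> bytes:
    """DNS wire format: length-prefixed labels, terminated by a zero byte."""
    out = bytearray()
    for label in domain.rstrip(".").lower().split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def u32_expression(domain: str) -> str:
    """Build the --u32 expression word by word (4 bytes per test).
    ASCII letters are masked with 0xDF so that upper- and lower-case queries
    both match (QNAME is case-insensitive); length bytes, digits, '-' and the
    terminating zero are compared exactly. Bytes past the end of the name in
    the last word are masked out (0x00) so QTYPE/QCLASS do not matter."""
    name = wire_name(domain)
    terms = []
    for off in range(0, len(name), 4):
        chunk = name[off:off + 4]
        value = mask = 0
        for b in chunk:
            m = 0xDF if chr(b).isalpha() else 0xFF
            value = (value << 8) | (b & m)
            mask = (mask << 8) | m
        pad = 8 * (4 - len(chunk))          # don't-care bytes after the name
        value, mask = value << pad, mask << pad
        terms.append(f"0x{QNAME_OFFSET + off:x}&0x{mask:08X}=0x{value:08x}")
    return " && ".join(terms)


def string_match_args(domain: str) -> str:
    """Build the -m string arguments. Note: this form is case-sensitive, so it
    only catches lower-case queries unless --icase is added; the u32 form is not."""
    name = wire_name(domain)
    return (f"--from {QNAME_OFFSET} --to {QNAME_OFFSET + len(name)} "
            f"--algo bm --hex-string '|{name.hex()}|'")


def iptables_rules(domain: str):
    """Return the complete (u32_rule, string_rule) command lines."""
    base = "iptables --insert INPUT -p udp --dport 53"
    tail = f'-j DROP -m comment --comment "DROP DNS Q {domain}"'
    return (f'{base} -m u32 --u32 "{u32_expression(domain)}" {tail}',
            f"{base} -m string {string_match_args(domain)} {tail}")
```

Running `u32_expression("lrc-pipec.com")` reproduces the four-word expression of the U32 rule above exactly, and `string_match_args` reproduces the `--from 40 --to 55` hex-string of the STRING rule.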
Source:
89.248.172.203
Name server:
;; ANSWER SECTION:
lrc-pipec.com. 10800 IN NS b.dns.gandi.net.
lrc-pipec.com. 10800 IN NS c.dns.gandi.net.
lrc-pipec.com. 10800 IN NS a.dns.gandi.net.
Response:
A 242
MX 2
NS 3
SOA 1
Rsize 4041
Whois
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: LRC-PIPEC.COM
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Name Server: A.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: C.DNS.GANDI.NET
Status: clientTransferProhibited
Updated Date: 07-nov-2013
Creation Date: 07-nov-2013
Expiration Date: 07-nov-2014
>>> Last update of whois database: Fri, 15 Nov 2013 00:22:49 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: lrc-pipec.com
Registry Domain ID: 1834550409_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2013-11-07T19:11:08Z
Creation Date: 2013-11-07T16:12:26Z
Registrar Registration Expiration Date: 2014-11-07T15:12:26Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID:
Registrant Name: Viktor BARINOV
Registrant Organization:
Registrant Street: Gandi, 63-65 boulevard Massena
Registrant City: (Gandi) Paris
Registrant State/Province:
Registrant Postal Code: (Gandi) 75013
Registrant Country: (Gandi) FR
Registrant Phone: (Gandi) +33.170377666
Registrant Phone Ext:
Registrant Fax: (Gandi) +33.143730576
Registrant Fax Ext:
Registrant Email: 105e9ac19694fce132c4aacf57a58490-1806369@contact.gandi.net
Registry Admin ID:
Admin Name: Viktor BARINOV
Admin Organization:
Admin Street: Gandi, 63-65 boulevard Massena
Admin City: (Gandi) Paris
Admin State/Province:
Admin Postal Code: (Gandi) 75013
Admin Country: (Gandi) FR
Admin Phone: (Gandi) +33.170377666
Admin Phone Ext:
Admin Fax: (Gandi) +33.143730576
Admin Fax Ext:
Admin Email: 105e9ac19694fce132c4aacf57a58490-1806369@contact.gandi.net
Registry Tech ID:
Tech Name: Viktor BARINOV
Tech Organization:
Tech Street: Gandi, 63-65 boulevard Massena
Tech City: (Gandi) Paris
Tech State/Province:
Tech Postal Code: (Gandi) 75013
Tech Country: (Gandi) FR
Tech Phone: (Gandi) +33.170377666
Tech Phone Ext:
Tech Fax: (Gandi) +33.143730576
Tech Fax Ext:
Tech Email: 105e9ac19694fce132c4aacf57a58490-1806369@contact.gandi.net
Name Server: A.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: C.DNS.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2013-11-15T00:23:17Z <<<
Reseller Email:
Reseller URL:
Personal data access and use are governed by French law, any use for
the purpose of unsolicited mass commercial advertising as well as any
mass or automated inquiries (for any intent other than the
registration or modification of a domain name) are strictly forbidden.
Copy of whole or part of our database without Gandi's endorsement is
strictly forbidden.
The owner of a domain is the person specified as "Registrant Name" for
a natural person and "Registrant Organization" for a legal person.
Domain ownership disputes should be settled using ICANN's Uniform
Dispute Resolution Policy: http://www.icann.org/en/help/dndr#udrp