If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.
If you are seeing responses for this domain, unlucky: you are currently being DDoS-ed. Good luck.
iptables:
There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.
U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFFF=0x02594d08 && 0x2c&0xDFDFDFDF=0x52435452 && 0x30&0xDFDFDFDF=0x48415348 && 0x34&0xFFDFDFDF=0x03434f4d && 0x38&0xFF000000=0x00000000" -j DROP -m comment --comment "DROP DNS Q ym.rctrhash.com"
The query name starts at byte 40 (0x28) of the packet (20-byte IPv4 header, 8-byte UDP header, 12-byte DNS header); the 0xDF masks make the letter comparisons case-insensitive, and the last test checks the 0x00 byte that terminates the name at offset 0x38 (40 + 16), so a longer name that merely starts with ym.rctrhash.com does not match.
More U32 rules can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt
String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|02796d08726374726861736803636f6d00|' -j DROP -m comment --comment "DROP DNS Q ym.rctrhash.com"
More iptables rules for the string module can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
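The two rules above are one instance of a general recipe: encode the query name in DNS wire format and compare it at byte 40 of the packet. The script below is an added example, not code from the original page or the smurfmonitor repository; it derives both the u32 and the string-module match for any name, and evaluates a u32 expression against a constructed query packet so a rule can be checked before it is loaded. It assumes IPv4 without options, UDP, and a single uncompressed question, the same layout the rules above rely on.

```python
import struct

QNAME_OFFSET = 20 + 8 + 12  # IPv4 header + UDP header + DNS header, no IP options

def wire_qname(domain):
    """Encode a name as DNS labels: <len><label> ... <0x00>; ASCII labels only."""
    out = b""
    for label in domain.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def u32_expression(domain):
    """Compare the name one 4-byte word at a time: letters are masked 0xDF so either
    case matches, length and terminator bytes 0xFF, padding past the terminator 0x00.
    Covering the terminator keeps longer names with the same prefix from matching."""
    name = wire_qname(domain)
    masks = bytes(0xDF if bytes([b]).isalpha() else 0xFF for b in name)
    pad = (-len(name)) % 4
    name, masks = name + b"\x00" * pad, masks + b"\x00" * pad
    tests = []
    for i in range(0, len(name), 4):
        word, mask = name[i:i + 4], masks[i:i + 4]
        value = bytes(b & m for b, m in zip(word, mask))
        tests.append("0x%x&0x%s=0x%s" % (QNAME_OFFSET + i, mask.hex().upper(), value.hex()))
    return " && ".join(tests)

def string_args(domain):
    """Arguments for -m string: the exact bytes of the name, so this match is case-sensitive."""
    name = wire_qname(domain)
    return "--from %d --to %d --algo bm --hex-string '|%s|'" % (
        QNAME_OFFSET, QNAME_OFFSET + len(name), name.hex())

def u32_matches(expression, packet):
    """Evaluate 'off&mask=value' tests joined by ' && ' against raw IPv4 packet bytes."""
    for test in expression.split(" && "):
        lhs, value = test.split("=")
        off, mask = (int(x, 16) for x in lhs.split("&"))
        # u32 fails if the 4-byte read runs past the end of the packet
        if off + 4 > len(packet) or int.from_bytes(packet[off:off + 4], "big") & mask != int(value, 16):
            return False
    return True

def constructed_query(domain):
    """Constructed sample packet: zeroed IPv4/UDP headers, a DNS header, one TXT/IN question."""
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + wire_qname(domain) + struct.pack("!HH", 16, 1)
    return b"\x45" + b"\x00" * 19 + b"\x00" * 8 + dns
```

For ym.rctrhash.com the generated u32 expression and string arguments are the ones used in the rules above; the same expression rejects a query for ym.rctrhash.com.example because of the terminator test.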
Source:
Unknown
Name server:
rctrhash.com. 51269 IN NS ns1.rctrhash.com.
rctrhash.com. 51269 IN NS ns2.rctrhash.com.
;; ADDITIONAL SECTION:
ns1.rctrhash.com. 51269 IN A 89.248.169.48
ns2.rctrhash.com. 51269 IN A 89.248.169.48
Response:
TXT 1
Rsize: 3955
Whois
Registry Domain ID: 1835442286_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2013-11-18T11:46:19Z
Creation Date: 2013-11-14T17:23:42Z
Registrar Registration Expiration Date: 2014-11-14T16:23:42Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Grigoriy PETROV
Registrant Organization:
Registrant Street: Gandi, 63-65 boulevard Massena
Registrant City: (Gandi) Paris
Registrant State/Province:
Registrant Postal Code: (Gandi) 75013
Registrant Country: (Gandi) FR
Registrant Phone: (Gandi) +33.170377666
Registrant Phone Ext:
Registrant Fax: (Gandi) +33.143730576
Registrant Fax Ext:
Registrant Email: 4a4bed97a0e9d6c2a0d97bc74727e92c-1810474@contact.gandi.net
Registry Admin ID:
Admin Name: Grigoriy PETROV
Admin Organization:
Admin Street: Gandi, 63-65 boulevard Massena
Admin City: (Gandi) Paris
Admin State/Province:
Admin Postal Code: (Gandi) 75013
Admin Country: (Gandi) FR
Admin Phone: (Gandi) +33.170377666
Admin Phone Ext:
Admin Fax: (Gandi) +33.143730576
Admin Fax Ext:
Admin Email: 4a4bed97a0e9d6c2a0d97bc74727e92c-1810474@contact.gandi.net
Registry Tech ID:
Tech Name: Grigoriy PETROV
Tech Organization:
Tech Street: Gandi, 63-65 boulevard Massena
Tech City: (Gandi) Paris
Tech State/Province:
Tech Postal Code: (Gandi) 75013
Tech Country: (Gandi) FR
Tech Phone: (Gandi) +33.170377666
Tech Phone Ext:
Tech Fax: (Gandi) +33.143730576
Tech Fax Ext:
Tech Email: 4a4bed97a0e9d6c2a0d97bc74727e92c-1810474@contact.gandi.net
Name Server: NS1.RCTRHASH.COM
Name Server: NS2.RCTRHASH.COM
DNSSEC: Unsigned