If you are seeing queries for this domain, than you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled.
If you are seeing responses for this domain.. unlucky. You are currently beeing DDOS-ed! Good luck.
IPtables:
There are two iptable rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.
U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x08464b46 && 0x2c&0xDFDFDFDF=0x4b464b46 && 0x30&0xDFFFDFDF=0x5203434f && 0x34&0xDFFF0000=0x4d000000" -j DROP -m comment --comment "DROP DNS Q fkfkfkfr.com"
More U32 rules can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt
String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 54 --algo bm --hex-string '|08666b666b666b667203636f6d00|' -j DROP -m comment --comment "DROP DNS Q fkfkfkfr.com"
More Iptables rules for the STRING module can be found here:
https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
Source:
No IP source for this domain
Name server:
;; ANSWER SECTION:
fkfkfkfr.com. 21599 IN NS ns6.fkfkfkfr.com.
fkfkfkfr.com. 21599 IN NS ns5.fkfkfkfr.com.
Response:
A 243
NS 2
SOA 1
Rsize 3974
Whois
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: FKFKFKFR.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: NS5.FKFKFKFR.COM
Name Server: NS6.FKFKFKFR.COM
Status: clientTransferProhibited
Updated Date: 29-jan-2014
Creation Date: 28-jan-2014
Expiration Date: 28-jan-2015
>>> Last update of whois database: Mon, 10 Feb 2014 23:56:52 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: FKFKFKFR.COM
Registry Domain ID:
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://www.networksolutions.com/en_US/
Updated Date: 2014-01-28T00:00:00Z
Creation Date: 2014-01-28T00:00:00Z
Registrar Registration Expiration Date: 2015-01-28T00:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: 800-333-7680
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Rattani, Altaf
Registrant Organization:
Registrant Street: ATTN insert domain name here care of Network Solutions PO Box 459
Registrant City: Drums
Registrant State/Province: PA
Registrant Postal Code: 18222
Registrant Country: US
Registrant Phone: 570-708-8780
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Registry Admin ID:
Admin Name: Rattani, Altaf
Admin Organization: null
Admin Street: ATTN insert domain name here care of Network Solutions PO Box 459
Admin City: Drums
Admin State/Province: PA
Admin Postal Code: 18222
Admin Country: US
Admin Phone: 570-708-8780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: my3cx65984r@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: Rattani, Altaf
Tech Organization: null
Tech Street: ATTN insert domain name here care of Network Solutions PO Box 459
Tech City: Drums
Tech State/Province: PA
Tech Postal Code: 18222
Tech Country: US
Tech Phone: 570-708-8780
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: my3cx65984r@networksolutionsprivateregistration.com
Name Server: NS5.FKFKFKFR.COM
Name Server: NS6.FKFKFKFR.COM
DNSSEC: not signed
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of whois database: Mon, 10 Feb 2014 23:56:52 UTC <<<
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
No comments:
Post a Comment