
Mailing List Archive: NANOG: users
DNS deluge for x.p.ctrc.cc
 



pestes at Covad

Feb 24, 2006, 9:25 AM



We have recently noticed a deluge of DNS requests for "ANY ANY" records
of x.p.ctrc.cc. The requests are coming from thousands of sources,
mostly our own customers. There are currently no records for
x.p.ctrc.cc, or even for p.ctrc.cc. A Google search for x.p.ctrc.cc
comes up with only 2 hits. One is a DNS log showing references to this
name. The other one shows that somebody else is seeing the same behavior
as we are:



http://weblog.barnet.com.au/edwin/cat_networking.html



However, this site has the benefit of providing a history that p.ctrc.cc
had (a week ago) a delegated NS record pointing to 321blowjob.com. At that
time, 321blowjob.com's nameserver was responding with a TXT record for
x.p.ctrc.cc.



It would appear that ctrc.cc was the victim of some DNS hijacking.
Whatever malware is attempting to look up this name, however, is doing so
at a horrific rate. I have some addresses that have made >250000
requests for this name in a short period of time.



I was thinking that I could simply put an authoritative zone for
p.ctrc.cc in our nameservers and return something for the lookups,
however, based on the writeup on the above-mentioned blog, I am now not
certain this will have any effect. As you'll note, that individual had
only 2 machines hitting his name server, and even though a response was
provided to the lookup, the hosts continued to hammer his access link.



When the lookup flood occurs, every host starts at the same time, as can
be seen on the graphs of traffic to and load of our nameservers. It's
all or nothing - the flood is either on or off. There's no background
trickle.



Is anybody else seeing these events?



--Paul
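
An added example, not part of the original post: one way to check a resolver query log for the pattern described above, namely many sources sending "ANY" queries for x.p.ctrc.cc, very high per-source counts, and floods that start on every host at once with no background trickle. The log line format, bucket size, threshold and client addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

def parse(line):
    # Constructed log format (an assumption): "<epoch_sec> <client_ip> <qname> <qtype>"
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname.rstrip(".").lower(), qtype.upper()

def analyze(lines, qname, qtype="ANY", bucket=60, heavy_limit=100):
    """Per-client counts plus on/off bursts for one (qname, qtype) pair."""
    per_client = Counter()
    active = defaultdict(set)            # bucket start -> clients seen in it
    for line in lines:
        ts, client, name, qt = parse(line)
        if (name, qt) == (qname, qtype):
            per_client[client] += 1
            active[ts - ts % bucket].add(client)
    bursts = []                          # merge adjacent active buckets
    for start in sorted(active):
        if bursts and bursts[-1]["end"] == start:
            bursts[-1]["end"] = start + bucket
            bursts[-1]["clients"] |= active[start]
        else:
            bursts.append({"start": start, "end": start + bucket,
                           "first": set(active[start]),
                           "clients": set(active[start])})
    for b in bursts:
        # Share of the burst's clients already querying in its first bucket:
        # close to 1.0 means the sources started together.
        b["sync"] = len(b["first"]) / len(b["clients"])
    heavy = {c: n for c, n in per_client.items() if n >= heavy_limit}
    return heavy, bursts

def sample_log():
    # Constructed sample: three clients flood in two separate windows,
    # one unrelated client sends an ordinary A query.
    lines = ["1030 192.0.2.9 www.example.com A"]
    for start in (1020, 4020):
        for sec in range(start, start + 120):
            for host in (11, 12, 13):
                lines.append(f"{sec} 192.0.2.{host} x.p.ctrc.cc. ANY")
    return lines

if __name__ == "__main__":
    heavy, bursts = analyze(sample_log(), "x.p.ctrc.cc")
    print("heavy clients:", heavy)
    for b in bursts:
        print(b["start"], b["end"], len(b["clients"]), "clients, sync", b["sync"])
```

Gaps between bursts with no matching queries at all correspond to the "on or off" behaviour in the post; a background trickle would instead show up as one long merged burst.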
