Sunday, October 6, 2013

Domain: 379zc.com

If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.

If you are seeing responses for this domain... unlucky. You are currently being DDoSed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.

U32:

iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x05333739 && 0x2c&0xDFDFFFDF=0x5a430343 && 0x30&0xDFDFFF00=0x4f4d0000" -j DROP -m comment --comment "DROP DNS Q 379zc.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:

iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 51 --algo bm --hex-string '|053337397a6303636f6d00|' -j DROP -m comment --comment "DROP DNS Q 379zc.com"

More Iptables rules for the STRING module can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
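How the two matches above follow from the DNS wire format, as an added example (not code from this page or from the linked repository). It rebuilds both match arguments for 379zc.com and evaluates them against constructed query packets. All function names are hypothetical, and an IPv4 header without options is assumed.

```python
QNAME_OFFSET = 20 + 8 + 12  # IPv4 header (no options) + UDP + DNS header = 0x28

def encode_qname(domain):
    """DNS wire format: length-prefixed labels, closed by a zero byte."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {domain!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"

def u32_tests(domain):
    """One (offset, mask, value) test per 4-byte word of the QNAME."""
    qname, tests = encode_qname(domain), []
    for i in range(0, len(qname), 4):
        mask = value = 0
        for j in range(i, i + 4):
            b = qname[j] if j < len(qname) else 0
            # Letters: clear bit 0x20 (case-insensitive). Bytes past the QNAME: ignored.
            m = 0 if j >= len(qname) else 0xDF if 0x41 <= b & 0xDF <= 0x5A else 0xFF
            mask, value = mask << 8 | m, value << 8 | (b & m)
        tests.append((QNAME_OFFSET + i, mask, value))
    return tests

def u32_expr(domain):
    """Format the tests the way the --u32 argument above is written."""
    parts = []
    for off, mask, value in u32_tests(domain):
        lhs = f"0x{off:x}" if mask == 0xFFFFFFFF else f"0x{off:x}&0x{mask:08X}"
        parts.append(f"{lhs}=0x{value:08x}")
    return " && ".join(parts)

def string_args(domain):
    qname = encode_qname(domain)  # returns (--from, --to, --hex-string)
    return QNAME_OFFSET, QNAME_OFFSET + len(qname), f"|{qname.hex()}|"

def u32_hits(packet, domain):
    return all(len(packet) >= o + 4 and int.from_bytes(packet[o:o + 4], "big") & m == v
               for o, m, v in u32_tests(domain))

def string_hits(packet, domain):
    start, end, _ = string_args(domain)
    return encode_qname(domain) in packet[start:end]  # exact byte comparison

def sample_query(name):
    """Constructed packet: zeroed IPv4/UDP/DNS headers, QNAME, QTYPE=A, QCLASS=IN."""
    return bytes(QNAME_OFFSET) + encode_qname(name) + b"\x00\x01\x00\x01"

if __name__ == "__main__":
    print(u32_expr("379zc.com"), string_args("379zc.com"), sep="\n")
```

The 0xDF masks make the u32 rule match the name in any letter case, while the string rule compares bytes exactly unless the string match's --icase option is added.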


Source:



No IP source for this domain


Name server:


;; ANSWER SECTION:
379zc.com. 3771 IN NS ns2.mmtac1.com.
379zc.com. 3771 IN NS ns3.mmtac1.com.
379zc.com. 3771 IN NS ns1.mmtac1.com.
379zc.com. 3771 IN NS ns4.mmtac1.com.




Response:



A 257
NS 4
SOA 1
Rsize 4247



Whois





Domain Name: 379ZC.COM
Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
Whois Server: whois.webnic.cc
Referral URL: http://www.webnic.cc
Name Server: NS1.MMTAC1.COM
Name Server: NS2.MMTAC1.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-sep-2013
Creation Date: 27-sep-2013
Expiration Date: 27-sep-2014

>>> Last update of whois database: Sun, 06 Oct 2013 19:42:10 UTC <<<


Domain: 379zc.com
Status: Protected

DNS:
ns1.mmtac1.com
ns2.mmtac1.com

Created: 2013-09-27 15:08:09
Expires: 2014-09-27 07:08:09
Last Modified: 2013-09-27 15:08:08

Registrant Contact:
Hong Yuan
yuan hong (asdfasdf@google.com)
No.331, asdaf Road
changsha, Hunan, cn 418001
P: +745.2714389 F: +0.0

Administrative Contact:
Hong Yuan
yuan hong (asdfasdf@google.com)
No.331, asdaf Road
changsha, Hunan, cn 418001
P: +745.2714389 F: +0.0

Technical Contact:
Hong Yuan
yuan hong (asdfasdf@google.com)
No.331, asdaf Road
changsha, Hunan, cn 418001
P: +745.2714389 F: +0.0

Billing Contact:
Hong Yuan
yuan hong (asdfasdf@google.com)
No.331, asdaf Road
changsha, Hunan, cn 418001
P: +745.2714389 F: +0.0










