View Single Post
  #12  
Old 10-03-2012, 10:27 AM
VAXman's Avatar
VAXman(Admin) VAXman is online now
progger propellerhead
 
Join Date: Dec 2003
Location: Presently reside in Jackson (southern) NJ (20 miles east of NEARfest 2002 & 2003
Posts: 2,354
Send a message via AIM to VAXman Send a message via Skype™ to VAXman
Re: Recent DDoS Attacks

Quote:
Originally Posted by deSousa View Post
Fascinating! I wonder how many other websites out there have also 50% of their traffic used up by DDoS attacks? And how many of these have a VAXman administering them!?

Just for the sake of curiosity, can you reveal what kind of targets are being hit by these fake requests?
The networks are all listed in my post; however, I didn't save the actual target IPs that caused me to block those networks.

Ironically, ost of them turned out to be the web sites of companies offering DDoS mitigation services or appliances. Several others were web hosting and co-lo service companies.

Currently, there is this address: 66.249.17.112

dig tells me:

Code:
vaxman@Satellite:~$ dig -x 66.249.17.112 ; <<>> DiG 9.7.0-P1 <<>> -x 66.249.17.112 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1203 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;112.17.249.66.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 17.249.66.in-addr.arpa. 1739 IN SOA ns1.dnscloud.com. hosting-support.spry.com. 1278544067 7200 3600 604800 259200 ;; Query time: 21 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Wed Oct 3 11:22:22 2012 ;; MSG SIZE rcvd: 117
Looks like a hosting site.

Whois says:

Code:
vaxman@Satellite:~$ whois 66.249.17.112 # # Query terms are ambiguous. The query is assumed to be: # "n 66.249.17.112" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=66.249.17.112?showDetails=true&showARIN=false&ext=netref2 # The Endurance International Group, Inc. BIZLAND-FC01 (NET-66-249-0-0-1) 66.249.0.0 - 66.249.31.255 Name Intelligence, Inc. NAMEI-NET-1 (NET-66-249-16-0-1) 66.249.16.0 - 66.249.17.255 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html #
I'll ACL 66.249.16.0 0.0.1.255. (Name Intelligence Inc.'s network)
__________________
VAXman -- Watcher of the moon, watcher of all.
----------------Mopper of the moon, mopper of all.
-------------------- Aural Moon's Janitorial Services
---------------------and Restroom Supplies, and Techno-patsy --

Cogito ergo iMac.         
Reply With Quote