Originally Posted by deSousa
Fascinating! I wonder how many other websites out there have also 50% of their traffic used up by DDoS attacks? And how many of these have a VAXman administering them!?
Just for the sake of curiosity, can you reveal what kind of targets are being hit by these fake requests?
The networks are all listed in my post; however, I didn't save the actual target IPs that caused me to block those networks.
Ironically, ost of them turned out to be the web sites of companies offering DDoS mitigation services or appliances. Several others were web hosting and co-lo service companies.
Currently, there is this address: 22.214.171.124
dig tells me:
vaxman@Satellite:~$ dig -x 126.96.36.199
; <<>> DiG 9.7.0-P1 <<>> -x 188.8.131.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1203
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;184.108.40.206.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
17.249.66.in-addr.arpa. 1739 IN SOA ns1.dnscloud.com. hosting-support.spry.com. 1278544067 7200 3600 604800 259200
;; Query time: 21 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Wed Oct 3 11:22:22 2012
;; MSG SIZE rcvd: 117
Looks like a hosting site.
vaxman@Satellite:~$ whois 22.214.171.124
# Query terms are ambiguous. The query is assumed to be:
# "n 126.96.36.199"
# Use "?" to get help.
# The following results may also be obtained via:
The Endurance International Group, Inc. BIZLAND-FC01 (NET-66-249-0-0-1) 188.8.131.52 - 184.108.40.206
Name Intelligence, Inc. NAMEI-NET-1 (NET-66-249-16-0-1) 220.127.116.11 - 18.104.22.168
# available at: https://www.arin.net/whois_tou.html
I'll ACL 22.214.171.124 0.0.1.255.
(Name Intelligence Inc.'s network)
Watcher of the moon, watcher of all.
Mopper of the moon, mopper of all.
-- Aural Moon's Janitorial Services
and Restroom Supplies, and Techno-patsy --
Cogito ergo iMac.