Go Back   Aural Moon - Progressive Rock Discussion > Station News > Website
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 10-03-2012, 10:30 AM
deSousa's Avatar
deSousa deSousa is offline
Registered User
 
Join Date: Nov 2008
Location: Esch-sur-Alzette
Posts: 130
Re: Recent DDoS Attacks

Fascinating! I wonder how many other websites out there have also 50% of their traffic used up by DDoS attacks? And how many of these have a VAXman administering them!?

Just for the sake of curiosity, can you reveal what kind of targets are being hit by these fake requests?
__________________
Music musings | Last.fm profile

...and left a galaxy of dreams behind...
Reply With Quote
  #2  
Old 10-03-2012, 11:27 AM
VAXman's Avatar
VAXman(Admin) VAXman is offline
progger propellerhead
 
Join Date: Dec 2003
Location: Presently reside in Jackson (southern) NJ (20 miles east of NEARfest 2002 & 2003
Posts: 2,362
Send a message via AIM to VAXman Send a message via Skype™ to VAXman
Re: Recent DDoS Attacks

Quote:
Originally Posted by deSousa View Post
Fascinating! I wonder how many other websites out there have also 50% of their traffic used up by DDoS attacks? And how many of these have a VAXman administering them!?

Just for the sake of curiosity, can you reveal what kind of targets are being hit by these fake requests?
The networks are all listed in my post; however, I didn't save the actual target IPs that caused me to block those networks.

Ironically, ost of them turned out to be the web sites of companies offering DDoS mitigation services or appliances. Several others were web hosting and co-lo service companies.

Currently, there is this address: 66.249.17.112

dig tells me:

Code:
vaxman@Satellite:~$ dig -x 66.249.17.112 ; <<>> DiG 9.7.0-P1 <<>> -x 66.249.17.112 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1203 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;112.17.249.66.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 17.249.66.in-addr.arpa. 1739 IN SOA ns1.dnscloud.com. hosting-support.spry.com. 1278544067 7200 3600 604800 259200 ;; Query time: 21 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Wed Oct 3 11:22:22 2012 ;; MSG SIZE rcvd: 117
Looks like a hosting site.

Whois says:

Code:
vaxman@Satellite:~$ whois 66.249.17.112 # # Query terms are ambiguous. The query is assumed to be: # "n 66.249.17.112" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=66.249.17.112?showDetails=true&showARIN=false&ext=netref2 # The Endurance International Group, Inc. BIZLAND-FC01 (NET-66-249-0-0-1) 66.249.0.0 - 66.249.31.255 Name Intelligence, Inc. NAMEI-NET-1 (NET-66-249-16-0-1) 66.249.16.0 - 66.249.17.255 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html #
I'll ACL 66.249.16.0 0.0.1.255. (Name Intelligence Inc.'s network)
__________________
VAXman -- Watcher of the moon, watcher of all.
----------------Mopper of the moon, mopper of all.
-------------------- Aural Moon's Janitorial Services
---------------------and Restroom Supplies, and Techno-patsy --

Cogito ergo iMac.         
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -5. The time now is 02:11 PM.