nanog mailing list archives
RE: d6991.com traffic
From: "Meshier, Brent" <bmeshier () amherst com>
Date: Mon, 23 Sep 2013 17:11:04 +0000
Could be DNS packet tunneling to China, bad news. https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152 -----Original Message----- From: Christopher Hunt [mailto:dharmachris () gmail com] Sent: Monday, September 23, 2013 11:55 AM To: nanog () nanog org Subject: d6991.com traffic Beginning about 0900UTC we began seeing about 50x our usual DNS traffic. 75% of the traffic is for d6991.com. Does anyone else see this? Who are these folks (WEBNIC.CC)? -chris --- Please refer to http://www.amherst.com/amherst-email-disclaimer/ for important disclosures regarding this electronic communication.
Current thread:
- d6991.com traffic Christopher Hunt (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)
- Re: d6991.com traffic Chris Hunt (Sep 23)
- Re: d6991.com traffic Dobbins, Roland (Sep 23)
- Re: d6991.com traffic Chris Adams (Sep 23)
- Re: d6991.com traffic Jared Mauch (Sep 23)
- Re: d6991.com traffic Chris Hunt (Sep 23)
- Re: d6991.com traffic Alain Hebert (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)
- RE: d6991.com traffic Meshier, Brent (Sep 23)
- Re: d6991.com traffic fire-eyes (Sep 23)
- Re: d6991.com traffic Paul Ferguson (Sep 23)