‘Hijack’ by AS4761 – Indosat, a quick report


Willy Sutrisno

Apr 4, 2014, 1:00:09 AM
to id...@googlegroups.com
http://www.bgpmon.net/hijack-by-as4761-indosat-a-quick-report/


‘Hijack’ by AS4761 – Indosat, a quick report

Posted by Andree Toonk - January 15, 2011 - Hijack - 10 Comments

This is just a quick post to address some of the emails I’ve received today. Quite a few BGPmon.net users have received a notification regarding a possible hijack of their address space.

On Friday January 14th AS4761, INDOSAT-INP-AP, started to originate a large number of new prefixes. A quick check shows that AS4761 originated approximately 2800 new unique prefixes of 824 unique Autonomous Systems, whereas normally they originate approximately 100 prefixes.
The announcements happened between 12:19 and 12:57 PM UTC. Some prefixes were affected longer than others,

The geographic impact of these announcements varies per prefix. Some were seen by only a few peers, where others were seen by up to 50 peers geographically dispersed all over the world. Some of the networks affected are 8.8.8.0/24 (Google open resolver), a number of AS20940 Akamai prefixes, Amazon prefixes, Cisco, DoD, US Senate, American Express, General Electric and many others.

Wondering if your network was affected by this? Here you’ll find a list of all affected networks.

A number of the transit providers of AS4761 accepted these prefixes. This is the distribution:

Number of unique prefixes   transit_AS   AS Name
2211                        AS9505       TWGATE-AP Taiwan Internet Gateway
1299                        AS6762       SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.
1142                        AS3491       PCW Global / BTN-ASN – Beyond The Network America, Inc.
685                         AS4657       STARHUBINTERNET-AS StarHub Internet Exchange
584                         AS7018       ATT-INTERNET4 – AT&T Services, Inc.
330                         AS1273       CW Cable and Wireless Worldwide plc
154                         AS6453       GLOBEINTERNET TATA Communications
88                          AS9304       HUTCHISON-AS-AP Hutchison Global Communications

Willy Sutrisno

Apr 5, 2014, 5:33:30 AM
to id...@googlegroups.com
further report, this time from Renesys.

Indonesia Hijacks the World

03 APR, 2014 | 3:09 PM | BY EARL ZMIJEWSKI

Yesterday, Indosat, one of Indonesia’s largest telecommunications providers, leaked large portions of the global routing table multiple times over a two-hour period. This means that, in effect, Indosat claimed that it “owned” many of the world’s networks. Once someone makes such an assertion, typically via an honest mistake in their routing policy, the only question remaining is how much of the world ends up believing them and hence, what will be the scale of the damage they inflict? Events of this nature, while relatively rare, are certainly not unheard of and can have geopolitical implications, such as when China was involved in a similar incident in 2010.

Keep in mind that this is how the Internet is designed to work, namely, on the honor system. Like Twitter and Facebook, where you can claim to be anyone you want, Internet routing allows you to lay claim to any network you want. There is no authentication or validation. None. But unlike Twitter and Facebook, such false claims propagate through the world in a matter of seconds and decisions, good or bad, are made algorithmically by routers, not humans. This means that innocent errors can have immediate global impacts. In this incident, the impacts were most pronounced on Akamai, one of the world’s largest content delivery networks, which was a very bad thing. Akamai hosts thousands of networks for their customers, including turbotax.com, healthcare.gov, paypal.com and many other high-profile sites.

The trouble with Indosat began at 18:25 UTC yesterday when they leaked over 320,000 routes. Since a full routing table currently contains nearly 500,000 routes, this means that Indosat laid claim to roughly two-thirds of the Internet!

While many of these routes didn’t travel very far from Indonesia and hence, would not have had much of an impact on Internet traffic, a few hundred were widely accepted, and a large fraction of these belonged to Akamai.

Besides disrupting Akamai themselves, this routing leak completely took out Indosat in what amounted to a self-inflicted DDoS attack. Our global latency measurements into this ISP via all of their upstream providers all but stopped during this time period and remained impaired even after the bogus routing announcements were withdrawn.

[Figures: Traces-to-Indosat, Indosat-DDOS]

Surprisingly, for some Akamai prefixes (networks), the Indosat hijack was essentially complete, with most of the world choosing Indonesia as the best place to send this particular Akamai traffic.

[Figure: indosat_leak_akamai2]

For others who were impacted, the hijacking was partial, with some of the world selecting Indosat and others selecting the rightful owners. For example, Chevron in London saw about half our routing sources choosing Indonesia over the UK during much of this 2-hour disruption.

[Figure: indosat_leak_chevron]

We can assess the probable operational impact on each affected network by examining this split between our peers who selected Indosat (and therefore would have supported traffic misdirection) and those who stuck with the real owner’s routes. Several hundred thousand networks were affected to some degree, but 99.7% of these were minimally affected, with less than 5% of our peerset convinced to take the alternative Indosat origin. We can divide the remaining 0.3% into three tiers:

  • Low Impact (0.2% of affected networks): potential traffic redirection affected more than 5%, but not more than 25%, of our peers. Examples:
  • Medium Impact (0.06% of affected networks): potential traffic redirection affected more than 25%, but not more than 50%, of our peers. Examples:
  • High Impact (0.03% of affected networks): more than 50% of our peers routed traffic via Indosat instead of the true owner. Examples (in addition to Akamai-hosted blocks):
[Figures: indosat_leak_santa_monica, indosat_leak_citirx]

Conclusions

In the absence of a single world government (for strict authentication) and much greater controls over Internet routing (for strict validation), there is currently no way to completely prevent these types of incidents. In the same way that anyone can set up a fake Facebook account with your name on it, so too can any router in the world claim to be the best way to reach your network. At the very least, enterprises need to be monitoring and managing their own Internet assets, as not all hijacks are necessarily innocent or short-lived.

Enterprises also need to carefully police their own routing policies and understand how the world reaches them. The reason why Chevron was impacted globally was largely of their own making: normally, they heavily prepend their BGP announcements through British Telecom, one of their providers. That is, the AS paths to 146.23.208.0/21 tend to look like … 2856 7862 7862 7862 7862 7862. By this mechanism, Chevron has artificially lengthened its AS path, thereby de-prioritizing the selection of this route. Unfortunately, this approach has also left them open to hijacking, since BGP route selection uses AS path length in its decision-making process. When Indosat started leaking routes, the heavily prepended (and correct) Chevron routes were some of the first to be misdirected to Indonesia, as AS paths via Indosat were often shorter.

We saw this same behavior back in April of 2010 during China’s routing leak. Some of the worst impacted routes in that incident were from Charlottesville, Virginia. Not because China was targeting this college town of 43,000 in central Virginia, but because those routes were heavily prepended at all times, all but guaranteeing any errant routes from anywhere in the world would be preferred.

In short: route leak events like this one, which happen at least once a year, are a good reminder that BGP routing is fragile and error-prone. There are no easy fixes. That means that every enterprise on the Internet should be monitoring the advertisements of their networks, keep published ASPATHs compact and free from unnecessary prepending, and be prepared to temporarily advertise one or more more-specific routes, if possible, to win back control of inbound traffic. Don’t be part of the 0.03% who suffer serious impacts from large accidental route leaks.



--
Willy - Fitter, Faster, Leaner and Stronger, I will !

Nothing in the world is worth having or worth doing unless it means effort, pain, difficulty… I have never in my life envied a human being who led an easy life. I have envied a great many people who led difficult lives and led them well ~ Theodore Roosevelt


--
website: http://www.idnog.or.id
---
You received this message because you are subscribed to the Google Groups "IDNOG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to idnog+un...@googlegroups.com.
To post to this group, send email to id...@googlegroups.com.
Visit this group at http://groups.google.com/group/idnog.
For more options, visit https://groups.google.com/d/optout.
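
The prepending effect described in the Renesys article above, as an added example (not code from the article, Renesys or this list): a simplified best-path model in which each peer compares AS-path length only, and the share of peers choosing the leaked origin is mapped to the article's impact tiers. AS4761, AS2856, AS7862 and the tier thresholds come from the text; the peer set and the private-use transit ASNs are constructed assumptions.

```python
"""AS-path prepending vs. a route leak: a simplified best-path model (added example).

Only AS-path length is compared; real BGP evaluates local preference before
path length and further tie-breakers after it. All peer data is constructed.
"""

LEAKER = 4761      # AS4761 Indosat (from the article)
PROVIDER = 2856    # British Telecom (from the article's example path)
OWNER = 7862       # origin AS in the article's example path

# Constructed peer set: (transit hops to PROVIDER, transit hops to LEAKER).
PEERS = [(1, 3), (1, 4), (2, 2), (1, 5), (2, 4),
         (1, 6), (0, 5), (2, 7), (1, 2), (3, 5)]


def build_path(transit_hops, tail):
    """AS path as a peer would see it; transit hops use private-use ASNs."""
    return [64512 + i for i in range(transit_hops)] + tail


def selected_origin(legit_path, leaked_path):
    """Origin AS chosen on path length alone; a tie keeps the legitimate route."""
    if len(leaked_path) < len(legit_path):
        return leaked_path[-1]
    return legit_path[-1]


def leak_share(peers, prepends):
    """Fraction of peers that would select the leaked origin.

    prepends = extra copies of OWNER added to the legitimate announcement;
    the article's path "2856 7862 7862 7862 7862 7862" corresponds to 4.
    """
    taken = 0
    for to_provider, to_leaker in peers:
        legit = build_path(to_provider, [PROVIDER] + [OWNER] * (1 + prepends))
        leaked = build_path(to_leaker, [LEAKER])
        if selected_origin(legit, leaked) == LEAKER:
            taken += 1
    return taken / len(peers)


def impact_tier(share):
    """Tiers from the article; exactly 5% is treated as minimal (assumption)."""
    if share > 0.50:
        return "high"
    if share > 0.25:
        return "medium"
    if share > 0.05:
        return "low"
    return "minimal"


def exposure_table(peers, max_prepends=4):
    """Rows of (prepends, share of peers misdirected, tier) for 0..max_prepends."""
    rows = []
    for prepends in range(max_prepends + 1):
        share = leak_share(peers, prepends)
        rows.append((prepends, share, impact_tier(share)))
    return rows


if __name__ == "__main__":
    for prepends, share, tier in exposure_table(PEERS):
        print(f"prepends={prepends}  peers choosing AS{LEAKER}: {share:.0%}  tier={tier}")
```

With this constructed peer set, every additional prepend moves more peers onto the leaked route, which is the reason the article recommends keeping AS paths compact.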

Harijanto Pribadi

Apr 9, 2014, 4:47:29 AM
to id...@googlegroups.com
Dear all,

Yesterday, at the get-together at IDC after the BGP hijack incident by AS4761 Indosat, Om Bill from Nawala showed us the large number of queries to the Nawala DNS for domains that do not exist on the Internet, and it is also possible that the requesting hosts, when checked, turn out to be spoofed.

It seems this problem is better known as a DNS Amplification DDoS Attack, and several large ISPs have also had trouble dealing with it. As it happens, my ISP has not shown any strange symptoms yet; hopefully it never will, knock on wood.

So I am raising this issue so that discussion of the problem can start on this mailing list.

Regards,
Harijanto Pribadi

Bill Fridini

Apr 9, 2014, 4:55:28 AM
to id...@googlegroups.com
The requesting hosts are not spoofing. It looks like they are infected with malware.

Looking at the symptoms, this is happening simultaneously on all Nawala DNS nodes; nodes that do not use the IPs 180.131.144.144/180.131.145.145 show the same thing: the queried DNS names are the same, subdomains that do not exist.

Bill

Sent from my BlackBerry 10 smartphone on the XL network.
From: Harijanto Pribadi
Sent: Wednesday, 9 April 2014 15.50
Subject: [IDNOG] DNS Amplification DDoS attack
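
The symptom Bill describes above (many queries to one domain for subdomains that do not exist) can be looked for in a resolver's query log. This is an added example, not code from the thread or from Nawala: it assumes BIND's "queries" log category in the layout shown in the code comment, and every log line, address and name in it is constructed.

```python
"""Flag random-subdomain query floods in a BIND query log (added example).

Heuristic: many distinct, rarely repeated leftmost labels under one parent
name inside a short window. The query log does not record the answer, so
"does not exist" is inferred from the pattern, not observed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout (the "(name)" after the port is optional):
#   <dd-Mon-yyyy hh:mm:ss.mmm> queries: info: client <ip>#<port>: query: <name> IN A + (<server>)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) IN \S+"
)


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for non-query lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
    return ts, m.group("client"), m.group("qname").rstrip(".").lower()


def find_floods(lines, window=timedelta(seconds=10), min_unique=20, min_ratio=0.8):
    """Return one finding per parent name whose busiest window looks like a flood."""
    by_parent = defaultdict(list)            # parent name -> [(ts, label, client)]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname = rec
        label, _, parent = qname.partition(".")
        if parent.count(".") < 1:            # need a label plus a two-label parent
            continue
        by_parent[parent].append((ts, label, client))

    findings = []
    for parent, events in by_parent.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                   # slide the window forward
            in_window = events[start:end + 1]
            unique = len({label for _, label, _ in in_window})
            if unique >= min_unique and unique / len(in_window) >= min_ratio:
                if best is None or unique > best["unique_labels"]:
                    best = {
                        "parent": parent,
                        "unique_labels": unique,
                        "queries": len(in_window),
                        "clients": sorted({c for _, _, c in in_window}),
                        "window_start": in_window[0][0],
                    }
        if best:
            findings.append(best)
    return sorted(findings, key=lambda f: -f["unique_labels"])


def _label(i):
    """Deterministic, distinct 6-letter label standing in for a random subdomain."""
    n = (i * 7919 + 12345) % 26 ** 6
    out = ""
    for _ in range(6):
        n, r = divmod(n, 26)
        out += chr(ord("a") + r)
    return out


def build_sample_log():
    """Constructed log: a flood against www.victim.example plus ordinary lookups."""
    t0 = datetime(2014, 4, 6, 23, 33, 0)
    lines = []

    def add(offset_ms, client, qname):
        ts = t0 + timedelta(milliseconds=offset_ms)
        stamp = ts.strftime("%d-%b-%Y %H:%M:%S.") + f"{ts.microsecond // 1000:03d}"
        lines.append(f"{stamp} queries: info: client {client}#40000: "
                     f"query: {qname} IN A + (192.0.2.53)")

    for i in range(40):                      # 40 distinct names in 4 s, two clients
        client = "198.51.100.7" if i % 2 else "198.51.100.9"
        add(i * 100, client, f"{_label(i)}.www.victim.example")
    for i in range(30):                      # ordinary traffic: few names, many repeats
        add(i * 150, "203.0.113.5", ("www", "mail", "cdn")[i % 3] + ".shop.example.org")
    lines.append("06-Apr-2014 23:33:05.000 general: info: not a query line")
    return lines


if __name__ == "__main__":
    for f in find_floods(build_sample_log()):
        print(f"{f['parent']}: {f['unique_labels']} distinct labels in "
              f"{f['queries']} queries from {', '.join(f['clients'])}")
```

The thresholds are starting points to tune against a resolver's normal traffic; grouping is by the name with its leftmost label removed, so no public-suffix list is needed.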

ri...@citra.net.id

Apr 9, 2014, 5:12:28 AM
to Bill Fridini, id...@googlegroups.com
The remedy is to use the latest version of BIND, 9.9.5, with the RRL (Responses Rate Limit) feature enabled; it has proven quite effective at fending off DNS Amplification Attacks as well as malware queries, which can reach hundreds or even thousands of qps (queries per second).

Our DNS went down several times because of what Pak HP described, and after upgrading to the latest version of BIND it is now safe.

Riza
Sent from my BlackBerry®
powered by Citranet ISP
Tlp 0274 554444
Fax 0274 553055
www.citra.net.id

From: Bill Fridini <fri...@nawala.org>
Date: Wed, 09 Apr 2014 15:55:28 +0700
Subject: Re: [IDNOG] DNS Amplification DDoS attack

Rommy Kuntoro

Apr 9, 2014, 6:41:26 AM
to Bill Fridini, id...@googlegroups.com

If this large volume of DNS queries can bring DNS down, is there a workaround to limit it? The new BIND version has RRL, but that does not seem like quite the right solution.

ri...@citra.net.id

Apr 9, 2014, 6:54:39 AM
to Rommy Kuntoro, id...@googlegroups.com, Bill Fridini

If this large volume of DNS queries can bring DNS down, is there a workaround to limit it? The new BIND version has RRL, but that does not seem like quite the right solution.

On Apr 9, 2014 3:55 PM, Bill Fridini <fri...@nawala.org> wrote:
DNS went down because the qps was high enough to exhaust the server's resources. A Core 2 Duo server used to be enough, but the recent events forced us to upgrade to a server with a Xeon processor. I assumed that would solve the problem, but it still went down, or at least sending data to customers slowed down.

In the end I recompiled with RRL, and the malware that was keeping DNS busy could be dealt with, while processor and memory resources are used to the full. Actually, if the DNS is not recursive it is not a problem, hehe.

For Unbound and PowerDNS I have not yet found a way to install RRL like in BIND.


Riza
Sent from my BlackBerry®
powered by Citranet ISP
Tlp 0274 554444
Fax 0274 553055
www.citra.net.id

From: Rommy Kuntoro <romm...@yahoo.com>
Date: Wed, 09 Apr 2014 17:41:26 +0700
To: Bill Fridini<fri...@nawala.org>
Subject: Re: [IDNOG] DNS Amplification DDoS attack

Alfons Tanujaya

Apr 11, 2014, 4:48:34 AM
to id...@googlegroups.com, Bill Fridini

Dear friends,

Let me chip in.

Can anyone provide more complete / detailed data on the type of malware that is causing this DNS redirection?

If it is ordinary DNSchanger-style malware (http://en.wikipedia.org/wiki/DNSChanger) on computers, antivirus should be able to handle it. But malware that targets routers and changes the DNS settings of customers' routers is what causes headaches. According to Vaksincom's testing, there is indeed currently a “kind of” DNSchanger whose target is not computers but routers, especially the ubiquitous TpLink, Linksys etc. routers.

I just do not know in detail whether this high volume of DNS requests actually comes from computers whose DNS was changed by malware, or from routers whose DNS was changed by malware (JavaScript), which indirectly causes the computers' DNS to change as well.

Regards,

Alfons

Willy Sutrisno

Apr 11, 2014, 9:31:30 AM
to id...@googlegroups.com
Reforwarding to the mailing list, Rom.

Other friends, if you have any "raw data" that can be shared here, please do, so that we can look for a solution together. Let's see if there is any pattern in it.

2014-04-11 21:28 GMT+08:00 rommy kuntoro <romm...@yahoo.com>:
Dear Pak Alfons,

Here is a small sample from the CBN DNS server log. And this is only a small part of it, Pak.

210.210.149.251#46887: query: gsvukdfvezjfmhx.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.905 queries: info: client 210.210.149.251#46888: query: dqlbouhnn.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.906 queries: info: client 210.210.149.251#46889: query: dkndsnqgo.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.936 queries: info: client 210.210.149.251#46890: query: avymbiilmss.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.975 queries: info: client 210.210.149.251#46891: query: hjl.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.975 queries: info: client 210.210.149.251#46892: query: nbpdefguiwkyz.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:11.995 queries: info: client 210.210.149.251#46893: query: d.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:12.675 queries: info: client 210.210.149.251#46939: query: qaunaqnpxvlhpmv.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:12.690 queries: info: client 210.210.149.251#46940: query: ysaaj.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:12.705 queries: info: client 210.210.149.251#46941: query: e.www.5478pk.com IN A + (202.158.3.7) 06-Apr-2014 23:33:12.755 queries: info: client 210.210.149.251#46942: query: fuzlzdjgncp.www.5478pk.com IN A + (202.158.3.7)

Bill Fridini

Apr 11, 2014, 9:40:19 AM
to id...@googlegroups.com
Yes, the data is more or less like that.

As for the RRL solution, I don't think it's quite right either, because if there is a host that really does have many hosts querying from behind it, it would get rate-limited too.

Is there another solution?

Bill

From: Willy Sutrisno
Sent: Friday, 11 April 2014 20.31

Bill Fridini

Apr 15, 2014, 2:18:27 AM
to id...@googlegroups.com
Can anyone share their top 5 queried domains?

This is the current situation; I ran the following command:
# tcpdump -nn -c 50000 | grep A\? > test.txt; cut -d? -f2 test.txt  | sed -e 's/^ *//' -e 's/ *$//' | sed 's/.\{6\}$//' | cut -d. -f2- | sort| uniq -c | sort -n -r > out.txt; head -5 out.txt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50000 packets captured
50001 packets received by filter
0 packets dropped by kernel
   3096 www.23us.com
   2025 www.23hh.com
    694 com
    659 google.com
    658 akamaihd.net


So, are your results the same or not?


Regards,
Bill

Harijanto Pribadi

Apr 15, 2014, 2:40:15 AM
to Bill Fridini, id...@googlegroups.com
It turns out it's the same, Om Bill.

root@ns1:~# tcpdump -nn -c 50000 | grep A\? > test.txt; cut -d? -f2 test.txt  | sed -e 's/^ *//' -e 's/ *$//' | sed 's/.\{6\}$//' | cut -d. -f2- | sort| uniq -c | sort -n -r > out.txt; head -5 out.txt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
50000 packets captured
50002 packets received by filter
0 packets dropped by kernel
   6766 www.23us.com
   4499 www.23hh.com
    592 com
    467 google.com
    347 akamaihd.net
root@ns1:~#


Regards,
Harijanto Pribadi



From: Bill Fridini <fri...@nawala.org>
Date: Tue, 15 Apr 2014 13:18:27 +0700
To: <id...@googlegroups.com>
Subject: Re: [IDNOG] DNS Amplification DDoS attack

--

Bill Fridini

Apr 15, 2014, 2:52:00 AM
to id...@googlegroups.com
Now try: tcpdump -nn | grep A\? | grep www.23us.com
The queries are all garbage :))

-bill

Harijanto Pribadi

Apr 15, 2014, 3:02:24 AM
to Bill Fridini, id...@googlegroups.com

Oh my goodness….




12:58:47.478187 IP 182.50.241.100.42919 > 111.67.67.67.53: 22881+ A? aopqeftuvjxlz.www.23us.com. (44)
12:58:47.486459 IP 111.67.67.67.30811 > 180.153.235.242.53: 31077 [1au] A? kujug.www.23us.com. (47)
12:58:47.487812 IP 182.50.241.101.53317 > 111.67.67.68.53: 59333+ A? ypybafalivohwr.www.23us.com. (45)
12:58:47.495828 IP 111.67.67.68.17052 > 122.143.15.10.53: 54513% [1au] A? cpghsbwjcpytwnwv.www.23us.com. (58)
12:58:47.499303 IP 111.67.67.68.43294 > 119.188.68.8.53: 38252% [1au] A? q.www.23us.com. (43)
12:58:47.501551 IP 111.67.67.68.65389 > 122.143.15.10.53: 61982% [1au] A? jfhxwdgjs.www.23us.com. (51)
12:58:47.507005 IP 111.67.67.67.55111 > 119.188.68.8.53: 19587 [1au] A? lfwddos.www.23us.com. (49)
12:58:47.512101 IP 111.67.67.68.35811 > 122.143.15.10.53: 33098% [1au] A? abpqesguvwxlz.www.23us.com. (55)
12:58:47.533387 IP 111.67.67.67.32168 > 113.17.175.250.53: 42115 [1au] A? acbvzrnvaoudtdk.www.23us.com. (57)
12:58:47.546987 IP 111.67.67.67.43092 > 180.153.235.242.53: 45587 [1au] A? ayb.www.23us.com. (45)
12:58:47.549718 IP 182.50.241.117.45926 > 111.67.67.67.53: 15884+ A? dni.www.23us.com. (34)
12:58:47.570559 IP 182.50.241.117.40585 > 111.67.67.67.53: 30489+ A? kggoe.www.23us.com. (36)
12:58:47.597398 IP 111.67.67.67.46948 > 180.153.235.242.53: 17946 [1au] A? gfeqvsazhikggoq.www.23us.com. (57)
^C1056 packets captured
1062 packets received by filter
0 packets dropped by kernel

root@ns1:~#


Regards,
Harijanto Pribadi
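
Added example (not code from the thread): a Python pass over `tcpdump -nn` output that groups A queries by parent domain, as the `cut -d. -f2-` step above does, and flags parents where nearly every query carries a different left-most label, along with the clients sending them. The addresses, domain names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# One `tcpdump -nn` DNS A query line, in the format shown in the thread:
# <time> IP <src>.<sport> > <dst>.53: <id><flags> [opts] A? <qname>. (<len>)
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r".*? A\? (?P<qname>\S+?)\.? \(\d+\)"
)

def summarize(lines, resolvers):
    """Count client -> resolver queries per parent domain (upstream recursion skipped)."""
    stats = defaultdict(lambda: {"queries": 0, "labels": set(), "clients": set()})
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["dst"] not in resolvers:
            continue
        label, _, parent = m["qname"].lower().partition(".")
        if not parent:  # single-label name: nothing to group under
            continue
        entry = stats[parent]
        entry["queries"] += 1
        entry["labels"].add(label)
        entry["clients"].add(m["src"])
    return stats

def suspicious(stats, min_queries=5, min_unique_ratio=0.9):
    """Parents where almost every query carries a different left-most label."""
    flagged = []
    for parent, e in stats.items():
        ratio = len(e["labels"]) / e["queries"]
        if e["queries"] >= min_queries and ratio >= min_unique_ratio:
            flagged.append((parent, e["queries"], sorted(e["clients"])))
    return sorted(flagged, key=lambda f: f[1], reverse=True)

def _line(src, dst, qname):  # builds one constructed capture line
    return f"12:00:00.000001 IP {src}.40000 > {dst}.53: 4242+ A? {qname}. (44)"

RESOLVER, UPSTREAM = "192.0.2.53", "203.0.113.9"  # constructed addresses
SAMPLE = (  # constructed capture: random labels, upstream recursion, normal names
    [_line("198.51.100.10", RESOLVER, f"{l}.www.victim.example")
     for l in ("qxcbiyd", "cus", "b", "ptrslx", "aanzr", "mdavq")]
    + [_line(RESOLVER, UPSTREAM, "qxcbiyd.www.victim.example")]
    + [_line("198.51.100.20", RESOLVER, "www.shop.example")] * 6
)

if __name__ == "__main__":
    for parent, count, clients in suspicious(summarize(SAMPLE, {RESOLVER})):
        print(f"{count:6d} {parent}  clients={','.join(clients)}")
```

On a live resolver, feed it captured lines (for example `summarize(open("test.txt"), {"<resolver-ip>"})`) and tune the two thresholds against normal traffic before acting on the result.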

