Observation of DNS Amplification Attack (txt.fwserver.com.ua)
$ dig @::1 txt.fwserver.com.ua any ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.8.5-P1 <<>> @::1 txt.fwserver.com.ua any ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35790 ;; flags: qr rd ra; QUERY: 1, ANSWER: 244, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;txt.fwserver.com.ua. IN ANY ;; ANSWER SECTION: txt.fwserver.com.ua. 28800 IN SOA ns1.ua-dc.net. root.ua-dc.net. 2013090211 28800 7200 1209600 2600 txt.fwserver.com.ua. 28800 IN NS ns1.ua-dc.net. txt.fwserver.com.ua. 28800 IN NS ns2.ua-dc.net. txt.fwserver.com.ua. 28800 IN A 204.46.43.140 txt.fwserver.com.ua. 28800 IN A 204.46.43.141 txt.fwserver.com.ua. 28800 IN A 204.46.43.142 txt.fwserver.com.ua. 28800 IN A 204.46.43.143 txt.fwserver.com.ua. 28800 IN A 204.46.43.144 txt.fwserver.com.ua. 28800 IN A 204.46.43.145 txt.fwserver.com.ua. 28800 IN A 204.46.43.146 txt.fwserver.com.ua. 28800 IN A 204.46.43.147 txt.fwserver.com.ua. 28800 IN A 204.46.43.148 txt.fwserver.com.ua. 28800 IN A 204.46.43.149 txt.fwserver.com.ua. 28800 IN A 204.46.43.150 txt.fwserver.com.ua. 28800 IN A 204.46.43.151 txt.fwserver.com.ua. 28800 IN A 204.46.43.152 txt.fwserver.com.ua. 28800 IN A 204.46.43.153 txt.fwserver.com.ua. 28800 IN A 204.46.43.154 txt.fwserver.com.ua. 28800 IN A 204.46.43.155 txt.fwserver.com.ua. 28800 IN A 204.46.43.156 txt.fwserver.com.ua. 28800 IN A 204.46.43.157 txt.fwserver.com.ua. 28800 IN A 204.46.43.158 txt.fwserver.com.ua. 28800 IN A 204.46.43.159 txt.fwserver.com.ua. 28800 IN A 204.46.43.160 txt.fwserver.com.ua. 28800 IN A 204.46.43.161 txt.fwserver.com.ua. 28800 IN A 204.46.43.162 txt.fwserver.com.ua. 28800 IN A 204.46.43.163 txt.fwserver.com.ua. 28800 IN A 204.46.43.164 txt.fwserver.com.ua. 28800 IN A 204.46.43.165 txt.fwserver.com.ua. 28800 IN A 204.46.43.166 txt.fwserver.com.ua. 28800 IN A 204.46.43.167 txt.fwserver.com.ua. 28800 IN A 204.46.43.168 txt.fwserver.com.ua. 28800 IN A 204.46.43.169 txt.fwserver.com.ua. 28800 IN A 204.46.43.170 txt.fwserver.com.ua. 28800 IN A 204.46.43.171 txt.fwserver.com.ua. 28800 IN A 204.46.43.172 txt.fwserver.com.ua. 28800 IN A 204.46.43.173 txt.fwserver.com.ua. 28800 IN A 204.46.43.174 txt.fwserver.com.ua. 28800 IN A 204.46.43.175 txt.fwserver.com.ua. 28800 IN A 204.46.43.176 txt.fwserver.com.ua. 28800 IN A 204.46.43.177 txt.fwserver.com.ua. 28800 IN A 204.46.43.178 txt.fwserver.com.ua. 28800 IN A 204.46.43.179 txt.fwserver.com.ua. 28800 IN A 204.46.43.180 txt.fwserver.com.ua. 28800 IN A 204.46.43.181 txt.fwserver.com.ua. 28800 IN A 204.46.43.182 txt.fwserver.com.ua. 28800 IN A 204.46.43.183 txt.fwserver.com.ua. 28800 IN A 204.46.43.184 txt.fwserver.com.ua. 28800 IN A 204.46.43.185 txt.fwserver.com.ua. 28800 IN A 204.46.43.186 txt.fwserver.com.ua. 28800 IN A 204.46.43.187 txt.fwserver.com.ua. 28800 IN A 204.46.43.188 txt.fwserver.com.ua. 28800 IN A 204.46.43.189 txt.fwserver.com.ua. 28800 IN A 204.46.43.190 txt.fwserver.com.ua. 28800 IN A 204.46.43.191 txt.fwserver.com.ua. 28800 IN A 204.46.43.192 txt.fwserver.com.ua. 28800 IN A 204.46.43.193 txt.fwserver.com.ua. 28800 IN A 204.46.43.194 txt.fwserver.com.ua. 28800 IN A 204.46.43.195 txt.fwserver.com.ua. 28800 IN A 204.46.43.196 txt.fwserver.com.ua. 28800 IN A 204.46.43.197 txt.fwserver.com.ua. 28800 IN A 204.46.43.198 txt.fwserver.com.ua. 28800 IN A 204.46.43.199 txt.fwserver.com.ua. 28800 IN A 204.46.43.200 txt.fwserver.com.ua. 28800 IN A 204.46.43.201 txt.fwserver.com.ua. 28800 IN A 204.46.43.202 txt.fwserver.com.ua. 28800 IN A 204.46.43.203 txt.fwserver.com.ua. 28800 IN A 204.46.43.204 txt.fwserver.com.ua. 28800 IN A 204.46.43.205 txt.fwserver.com.ua. 28800 IN A 204.46.43.206 txt.fwserver.com.ua. 28800 IN A 204.46.43.207 txt.fwserver.com.ua. 28800 IN A 204.46.43.208 txt.fwserver.com.ua. 28800 IN A 204.46.43.209 txt.fwserver.com.ua. 28800 IN A 204.46.43.210 txt.fwserver.com.ua. 28800 IN A 204.46.43.211 txt.fwserver.com.ua. 28800 IN A 204.46.43.212 txt.fwserver.com.ua. 28800 IN A 204.46.43.213 txt.fwserver.com.ua. 28800 IN A 204.46.43.214 txt.fwserver.com.ua. 28800 IN A 204.46.43.215 txt.fwserver.com.ua. 28800 IN A 204.46.43.216 txt.fwserver.com.ua. 28800 IN A 204.46.43.217 txt.fwserver.com.ua. 28800 IN A 204.46.43.218 txt.fwserver.com.ua. 28800 IN A 204.46.43.219 txt.fwserver.com.ua. 28800 IN A 204.46.43.220 txt.fwserver.com.ua. 28800 IN A 204.46.43.221 txt.fwserver.com.ua. 28800 IN A 204.46.43.222 txt.fwserver.com.ua. 28800 IN A 204.46.43.223 txt.fwserver.com.ua. 28800 IN A 204.46.43.224 txt.fwserver.com.ua. 28800 IN A 204.46.43.225 txt.fwserver.com.ua. 28800 IN A 204.46.43.226 txt.fwserver.com.ua. 28800 IN A 204.46.43.227 txt.fwserver.com.ua. 28800 IN A 204.46.43.228 txt.fwserver.com.ua. 28800 IN A 204.46.43.229 txt.fwserver.com.ua. 28800 IN A 204.46.43.230 txt.fwserver.com.ua. 28800 IN A 204.46.43.231 txt.fwserver.com.ua. 28800 IN A 204.46.43.232 txt.fwserver.com.ua. 28800 IN A 204.46.43.233 txt.fwserver.com.ua. 28800 IN A 204.46.43.234 txt.fwserver.com.ua. 28800 IN A 204.46.43.235 txt.fwserver.com.ua. 28800 IN A 204.46.43.236 txt.fwserver.com.ua. 28800 IN A 204.46.43.237 txt.fwserver.com.ua. 28800 IN A 204.46.43.238 txt.fwserver.com.ua. 28800 IN A 204.46.43.239 txt.fwserver.com.ua. 28800 IN A 204.46.43.240 txt.fwserver.com.ua. 28800 IN A 91.212.124.2 txt.fwserver.com.ua. 28800 IN A 204.46.43.1 txt.fwserver.com.ua. 28800 IN A 204.46.43.2 txt.fwserver.com.ua. 28800 IN A 204.46.43.3 txt.fwserver.com.ua. 28800 IN A 204.46.43.4 txt.fwserver.com.ua. 28800 IN A 204.46.43.5 txt.fwserver.com.ua. 28800 IN A 204.46.43.6 txt.fwserver.com.ua. 28800 IN A 204.46.43.7 txt.fwserver.com.ua. 28800 IN A 204.46.43.8 txt.fwserver.com.ua. 28800 IN A 204.46.43.9 txt.fwserver.com.ua. 28800 IN A 204.46.43.10 txt.fwserver.com.ua. 28800 IN A 204.46.43.11 txt.fwserver.com.ua. 28800 IN A 204.46.43.12 txt.fwserver.com.ua. 28800 IN A 204.46.43.13 txt.fwserver.com.ua. 28800 IN A 204.46.43.14 txt.fwserver.com.ua. 28800 IN A 204.46.43.15 txt.fwserver.com.ua. 28800 IN A 204.46.43.16 txt.fwserver.com.ua. 28800 IN A 204.46.43.17 txt.fwserver.com.ua. 28800 IN A 204.46.43.18 txt.fwserver.com.ua. 28800 IN A 204.46.43.19 txt.fwserver.com.ua. 28800 IN A 204.46.43.20 txt.fwserver.com.ua. 28800 IN A 204.46.43.21 txt.fwserver.com.ua. 28800 IN A 204.46.43.22 txt.fwserver.com.ua. 28800 IN A 204.46.43.23 txt.fwserver.com.ua. 28800 IN A 204.46.43.24 txt.fwserver.com.ua. 28800 IN A 204.46.43.25 txt.fwserver.com.ua. 28800 IN A 204.46.43.26 txt.fwserver.com.ua. 28800 IN A 204.46.43.27 txt.fwserver.com.ua. 28800 IN A 204.46.43.28 txt.fwserver.com.ua. 28800 IN A 204.46.43.29 txt.fwserver.com.ua. 28800 IN A 204.46.43.30 txt.fwserver.com.ua. 28800 IN A 204.46.43.31 txt.fwserver.com.ua. 28800 IN A 204.46.43.32 txt.fwserver.com.ua. 28800 IN A 204.46.43.33 txt.fwserver.com.ua. 28800 IN A 204.46.43.34 txt.fwserver.com.ua. 28800 IN A 204.46.43.35 txt.fwserver.com.ua. 28800 IN A 204.46.43.36 txt.fwserver.com.ua. 28800 IN A 204.46.43.37 txt.fwserver.com.ua. 28800 IN A 204.46.43.38 txt.fwserver.com.ua. 28800 IN A 204.46.43.39 txt.fwserver.com.ua. 28800 IN A 204.46.43.40 txt.fwserver.com.ua. 28800 IN A 204.46.43.41 txt.fwserver.com.ua. 28800 IN A 204.46.43.42 txt.fwserver.com.ua. 28800 IN A 204.46.43.43 txt.fwserver.com.ua. 28800 IN A 204.46.43.44 txt.fwserver.com.ua. 28800 IN A 204.46.43.45 txt.fwserver.com.ua. 28800 IN A 204.46.43.46 txt.fwserver.com.ua. 28800 IN A 204.46.43.47 txt.fwserver.com.ua. 28800 IN A 204.46.43.48 txt.fwserver.com.ua. 28800 IN A 204.46.43.49 txt.fwserver.com.ua. 28800 IN A 204.46.43.50 txt.fwserver.com.ua. 28800 IN A 204.46.43.51 txt.fwserver.com.ua. 28800 IN A 204.46.43.52 txt.fwserver.com.ua. 28800 IN A 204.46.43.53 txt.fwserver.com.ua. 28800 IN A 204.46.43.54 txt.fwserver.com.ua. 28800 IN A 204.46.43.55 txt.fwserver.com.ua. 28800 IN A 204.46.43.56 txt.fwserver.com.ua. 28800 IN A 204.46.43.57 txt.fwserver.com.ua. 28800 IN A 204.46.43.58 txt.fwserver.com.ua. 28800 IN A 204.46.43.59 txt.fwserver.com.ua. 28800 IN A 204.46.43.60 txt.fwserver.com.ua. 28800 IN A 204.46.43.61 txt.fwserver.com.ua. 28800 IN A 204.46.43.62 txt.fwserver.com.ua. 28800 IN A 204.46.43.63 txt.fwserver.com.ua. 28800 IN A 204.46.43.64 txt.fwserver.com.ua. 28800 IN A 204.46.43.65 txt.fwserver.com.ua. 28800 IN A 204.46.43.66 txt.fwserver.com.ua. 28800 IN A 204.46.43.67 txt.fwserver.com.ua. 28800 IN A 204.46.43.68 txt.fwserver.com.ua. 28800 IN A 204.46.43.69 txt.fwserver.com.ua. 28800 IN A 204.46.43.70 txt.fwserver.com.ua. 28800 IN A 204.46.43.71 txt.fwserver.com.ua. 28800 IN A 204.46.43.72 txt.fwserver.com.ua. 28800 IN A 204.46.43.73 txt.fwserver.com.ua. 28800 IN A 204.46.43.74 txt.fwserver.com.ua. 28800 IN A 204.46.43.75 txt.fwserver.com.ua. 28800 IN A 204.46.43.76 txt.fwserver.com.ua. 28800 IN A 204.46.43.77 txt.fwserver.com.ua. 28800 IN A 204.46.43.78 txt.fwserver.com.ua. 28800 IN A 204.46.43.79 txt.fwserver.com.ua. 28800 IN A 204.46.43.80 txt.fwserver.com.ua. 28800 IN A 204.46.43.81 txt.fwserver.com.ua. 28800 IN A 204.46.43.82 txt.fwserver.com.ua. 28800 IN A 204.46.43.83 txt.fwserver.com.ua. 28800 IN A 204.46.43.84 txt.fwserver.com.ua. 28800 IN A 204.46.43.85 txt.fwserver.com.ua. 28800 IN A 204.46.43.86 txt.fwserver.com.ua. 28800 IN A 204.46.43.87 txt.fwserver.com.ua. 28800 IN A 204.46.43.88 txt.fwserver.com.ua. 28800 IN A 204.46.43.89 txt.fwserver.com.ua. 28800 IN A 204.46.43.90 txt.fwserver.com.ua. 28800 IN A 204.46.43.91 txt.fwserver.com.ua. 28800 IN A 204.46.43.92 txt.fwserver.com.ua. 28800 IN A 204.46.43.93 txt.fwserver.com.ua. 28800 IN A 204.46.43.94 txt.fwserver.com.ua. 28800 IN A 204.46.43.95 txt.fwserver.com.ua. 28800 IN A 204.46.43.96 txt.fwserver.com.ua. 28800 IN A 204.46.43.97 txt.fwserver.com.ua. 28800 IN A 204.46.43.98 txt.fwserver.com.ua. 28800 IN A 204.46.43.99 txt.fwserver.com.ua. 28800 IN A 204.46.43.100 txt.fwserver.com.ua. 28800 IN A 204.46.43.101 txt.fwserver.com.ua. 28800 IN A 204.46.43.102 txt.fwserver.com.ua. 28800 IN A 204.46.43.103 txt.fwserver.com.ua. 28800 IN A 204.46.43.104 txt.fwserver.com.ua. 28800 IN A 204.46.43.105 txt.fwserver.com.ua. 28800 IN A 204.46.43.106 txt.fwserver.com.ua. 28800 IN A 204.46.43.107 txt.fwserver.com.ua. 28800 IN A 204.46.43.108 txt.fwserver.com.ua. 28800 IN A 204.46.43.109 txt.fwserver.com.ua. 28800 IN A 204.46.43.110 txt.fwserver.com.ua. 28800 IN A 204.46.43.111 txt.fwserver.com.ua. 28800 IN A 204.46.43.112 txt.fwserver.com.ua. 28800 IN A 204.46.43.113 txt.fwserver.com.ua. 28800 IN A 204.46.43.114 txt.fwserver.com.ua. 28800 IN A 204.46.43.115 txt.fwserver.com.ua. 28800 IN A 204.46.43.116 txt.fwserver.com.ua. 28800 IN A 204.46.43.117 txt.fwserver.com.ua. 28800 IN A 204.46.43.118 txt.fwserver.com.ua. 28800 IN A 204.46.43.119 txt.fwserver.com.ua. 28800 IN A 204.46.43.120 txt.fwserver.com.ua. 28800 IN A 204.46.43.121 txt.fwserver.com.ua. 28800 IN A 204.46.43.122 txt.fwserver.com.ua. 28800 IN A 204.46.43.123 txt.fwserver.com.ua. 28800 IN A 204.46.43.124 txt.fwserver.com.ua. 28800 IN A 204.46.43.125 txt.fwserver.com.ua. 28800 IN A 204.46.43.126 txt.fwserver.com.ua. 28800 IN A 204.46.43.127 txt.fwserver.com.ua. 28800 IN A 204.46.43.128 txt.fwserver.com.ua. 28800 IN A 204.46.43.129 txt.fwserver.com.ua. 28800 IN A 204.46.43.130 txt.fwserver.com.ua. 28800 IN A 204.46.43.131 txt.fwserver.com.ua. 28800 IN A 204.46.43.132 txt.fwserver.com.ua. 28800 IN A 204.46.43.133 txt.fwserver.com.ua. 28800 IN A 204.46.43.134 txt.fwserver.com.ua. 28800 IN A 204.46.43.135 txt.fwserver.com.ua. 28800 IN A 204.46.43.136 txt.fwserver.com.ua. 28800 IN A 204.46.43.137 txt.fwserver.com.ua. 28800 IN A 204.46.43.138 txt.fwserver.com.ua. 28800 IN A 204.46.43.139 ;; Query time: 10 msec ;; SERVER: ::1#53(::1) ;; WHEN: Tue Oct 22 18:56:46 JST 2013 ;; MSG SIZE rcvd: 3979
$ whois 91.212.124.5 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # Query terms are ambiguous. The query is assumed to be: # "n 91.212.124.5" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=91.212.124.5?showDetails=true&showARIN=false&ext=netref2 # NetRange: 91.0.0.0 - 91.255.255.255 CIDR: 91.0.0.0/8 OriginAS: NetName: 91-RIPE NetHandle: NET-91-0-0-0-1 Parent: NetType: Allocated to RIPE NCC Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: 2005-06-30 Updated: 2009-05-18 Ref: http://whois.arin.net/rest/net/NET-91-0-0-0-1 OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: http://whois.arin.net/rest/org/RIPE ReferralServer: whois://whois.ripe.net:43 OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: abuse@ripe.net OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: hostmaster@ripe.net OrgTechRef: http://whois.arin.net/rest/poc/RNO29-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '91.212.124.0 - 91.212.124.255' inetnum: 91.212.124.0 - 91.212.124.255 netname: AN-NET descr: Nikultsev Aleksandr Nikolaevich country: UA org: ORG-AN36-RIPE admin-c: ANN80-RIPE tech-c: ANN80-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-lower: RIPE-NCC-END-MNT mnt-by: MNT-AN mnt-routes: MNT-AN mnt-domains: MNT-AN source: RIPE # Filtered organisation: ORG-AN36-RIPE org-name: Nikultsev Aleksandr Nikolaevich org-type: OTHER address: 11/22, Sherbiny str. address: Dnepropetrovsk, Ukraine phone: +380 95 5852446 mnt-ref: MNT-AN mnt-by: MNT-AN source: RIPE # Filtered person: Alexander Nikultsev address: 49130, Ukraine, Dniepropetrovsk, Sherbiny str 11/22 phone: +380 95 5852446 nic-hdl: ANN80-RIPE source: RIPE # Filtered mnt-by: MNT-AN % Information related to '91.212.124.0/24AS49089' route: 91.212.124.0/24 descr: UA-DC mnt-routes: MNT-AN origin: AS49089 mnt-by: MNT-AN source: RIPE # Filtered % This query was served by the RIPE Database Query Service version 1.69 (WHOIS4)
