DNS buteforcing? - и шо это от меня домогаются
Вот какая-то ЖЕ запаривает запросами про ЖЕ*. Минут 10 уже. tcpdump -n -p -vv host 12.175.0.44 tcpdump: listening on de0 07:43:04.743102 12.175.0.44.5323 > 193.124.48.100.53: 42324[|domain] (DF) (ttl 47, id 33838, len 87) 07:43:04.744322 193.124.48.100.53 > 12.175.0.44.5323: 42324 NXDomain*- q:[|domain] (ttl 63, id 12073, len 149) 07:43:04.747240 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 20477 A? www.gecapitalconscardo.kharkov.ua. (51) (DF) (ttl 47, id 33844, len 79) 07:43:04.748483 193.124.48.100.53 > 12.175.0.44.5323: 20477 NXDomain*- q: A? www.gecapitalconscardo.kharkov.ua. 0/1/0 ns: kharkov.ua. (95) (ttl 63, id 12076, len 123) 07:43:04.906224 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 14132 A? www.gecapitalconscardo.te.ua. (46) (DF) (ttl 47, id 33936, len 74) 07:43:04.907484 193.124.48.100.53 > 12.175.0.44.5323: 14132 NXDomain*- q: A? www.gecapitalconscardo.te.ua. 0/1/0 ns: te.ua. (100) (ttl 63, id 12084, len 128) 07:43:04.908717 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 27903 A? www.gecapitalconscardo.uzhgorod.ua. (52) (DF) (ttl 47, id 33941, len 80) 07:43:04.909953 193.124.48.100.53 > 12.175.0.44.5323: 27903 NXDomain*- q: A? www.gecapitalconscardo.uzhgorod.ua. 0/1/0 ns: uzhgorod.ua. (107) (ttl 63, id 12085, len 135) 07:43:04.911208 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 37735 A? www.gecapitalconscardo.zhitomir.ua. (52) (DF) (ttl 47, id 33952, len 80) 07:43:04.912403 193.124.48.100.53 > 12.175.0.44.5323: 37735 NXDomain*- q: A? www.gecapitalconscardo.zhitomir.ua. 0/1/0 ns: zhitomir.ua. (106) (ttl 63, id 12086, len 134) 07:43:05.001490 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 50785 A? www.gecapitalconscardo.lutsk.ua. (49) (DF) (ttl 47, id 34015, len 77) 07:43:05.002845 193.124.48.100.53 > 12.175.0.44.5323: 50785 NXDomain*- q: A? www.gecapitalconscardo.lutsk.ua. 0/1/0 ns: lutsk.ua. (108) (ttl 63, id 12096, len 136) 07:43:05.273971 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 32558 A? www.gecapitalconscardo.kh.ua. (46) (DF) (ttl 47, id 34288, len 74) 07:43:05.275208 193.124.48.100.53 > 12.175.0.44.5323: 32558 NXDomain*- q: A? www.gecapitalconscardo.kh.ua. 0/1/0 ns: kh.ua. (90) (ttl 63, id 12121, len 118) 07:43:05.740125 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 2045 A? www.yourhsbc.ck.ua. (36) (DF) (ttl 47, id 34924, len 64) 07:43:05.741415 193.124.48.100.53 > 12.175.0.44.5323: 2045 NXDomain*- q: A? www.yourhsbc.ck.ua. 0/1/0 ns: ck.ua. SOA[|domain] (ttl 63, id 12191, len 124) 07:43:05.861088 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 51288 A? www.gecapitalconsulting.zhitomir.ua. (53) (DF) (ttl 47, id 35050, len 81) 07:43:05.874355 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 14625 A? www.gecapitalconsulting.uzhgorod.ua. (53) (DF) (ttl 47, id 35159, len 81) 07:43:05.881847 193.124.48.100.53 > 12.175.0.44.5323: 51288 NXDomain*- q: A? www.gecapitalconsulting.zhitomir.ua. 0/1/0 ns: [|domain] (ttl 63, id 12210, len 135) 07:43:05.893205 193.124.48.100.53 > 12.175.0.44.5323: 14625 NXDomain*- q: A? www.gecapitalconsulting.uzhgorod.ua. 0/1/0 ns: [|domain] (ttl 63, id 12213, len 136) 07:43:06.126917 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 37809 A? www.yourhsbc.te.ua. (36) (DF) (ttl 47, id 35398, len 64) 07:43:06.128229 193.124.48.100.53 > 12.175.0.44.5323: 37809 NXDomain*- q: A? www.yourhsbc.te.ua. 0/1/0 ns: te.ua. SOA[|domain] (ttl 63, id 12238, len 118) 07:43:06.129439 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 17031 A? www.yourhsbc.uzhgorod.ua. (42) (DF) (ttl 47, id 35402, len 70) 07:43:06.130819 193.124.48.100.53 > 12.175.0.44.5323: 17031 NXDomain*- q: A? www.yourhsbc.uzhgorod.ua. 0/1/0 ns: uzhgorod.ua. SOA[|domain] (ttl 63, id 12243, len 125) 07:43:06.143726 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 3289 A? www.yourhsbc.zhitomir.ua. (42) (DF) (ttl 47, id 35440, len 70) 07:43:06.157394 193.124.48.100.53 > 12.175.0.44.5323: 3289 NXDomain*- q: A? www.yourhsbc.zhitomir.ua. 0/1/0 ns: zhitomir.ua. SOA[|domain] (ttl 63, id 12252, len 124) 07:43:06.806833 12.175.0.44.5323 > 193.124.48.100.53: 62489[|domain] (DF) (ttl 47, id 35918, len 84) 07:43:06.808953 193.124.48.100.53 > 12.175.0.44.5323: 62489 NXDomain*- q:[|domain] (ttl 63, id 12324, len 139) 07:43:06.809665 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 12998 A? www.gecapitalconsumer.te.ua. (45) (DF) (ttl 47, id 36118, len 73) 07:43:06.810966 193.124.48.100.53 > 12.175.0.44.5323: 12998 NXDomain*- q: A? www.gecapitalconsumer.te.ua. 0/1/0 ns: te.ua. (99) (ttl 63, id 12325, len 127) 07:43:06.811823 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 31287 A? www.gecapitalconsumer.uzhgorod.ua. (51) (DF) (ttl 47, id 36122, len 79) 07:43:06.813043 193.124.48.100.53 > 12.175.0.44.5323: 31287 NXDomain*- q: A? www.gecapitalconsumer.uzhgorod.ua. 0/1/0 ns: uzhgorod.ua. (106) (ttl 63, id 12326, len 134) 07:43:07.625868 12.175.0.44.5323 > 193.124.48.100.53: 38892[|domain] (DF) (ttl 47, id 36976, len 84) 07:43:07.628763 193.124.48.100.53 > 12.175.0.44.5323: 38892 NXDomain*- q:[|domain] (ttl 63, id 12421, len 137) 07:43:07.628966 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 19394 A? www.gecapitalconsumercard.donetsk.ua. (54) (DF) (ttl 47, id 37001, len 82) 07:43:07.630223 193.124.48.100.53 > 12.175.0.44.5323: 19394 NXDomain*- q: A? www.gecapitalconsumercard.donetsk.ua. 0/1/0[|domain] (ttl 63, id 12422, len 135) 07:43:07.685507 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 14563 A? www.gecapitalconsumercard.kharkov.ua. (54) (DF) (ttl 47, id 37017, len 82) 07:43:07.686862 193.124.48.100.53 > 12.175.0.44.5323: 14563 NXDomain*- q: A? www.gecapitalconsumercard.kharkov.ua. 0/1/0[|domain] (ttl 63, id 12426, len 126) 07:43:07.723589 12.175.0.44.5323 > 193.124.48.100.53: 15917[|domain] (DF) (ttl 47, id 37089, len 83) 07:43:07.725039 193.124.48.100.53 > 12.175.0.44.5323: 15917 NXDomain*- q:[|domain] (ttl 63, id 12433, len 138) 07:43:08.469189 12.175.0.44.5323 > 193.124.48.100.53: 21380[|domain] (DF) (ttl 47, id 37915, len 83) 07:43:08.470531 193.124.48.100.53 > 12.175.0.44.5323: 21380 NXDomain*- q:[|domain] (ttl 63, id 12549, len 133) 07:43:08.554258 12.175.0.44.5323 > 193.124.48.100.53: 14154[|domain] (DF) (ttl 47, id 38021, len 85) 07:43:08.555586 193.124.48.100.53 > 12.175.0.44.5323: 14154 NXDomain*- q:[|domain] (ttl 63, id 12557, len 140) 07:43:09.352587 12.175.0.44.5323 > 193.124.48.100.53: 43620[|domain] (DF) (ttl 47, id 38956, len 97) 07:43:09.354035 193.124.48.100.53 > 12.175.0.44.5323: 43620 NXDomain*- q:[|domain] (ttl 63, id 12651, len 159) 07:43:09.439556 12.175.0.44.5323 > 193.124.48.100.53: 33235[|domain] (DF) (ttl 47, id 39037, len 90) 07:43:09.440895 193.124.48.100.53 > 12.175.0.44.5323: 33235 NXDomain*- q:[|domain] (ttl 63, id 12664, len 145) 07:43:09.538089 12.175.0.44.5323 > 193.124.48.100.53: 4102[|domain] (DF) (ttl 47, id 39140, len 84) 07:43:09.539387 193.124.48.100.53 > 12.175.0.44.5323: 4102 NXDomain*- q:[|domain] (ttl 63, id 12675, len 138) 07:43:10.276766 12.175.0.44.5323 > 193.124.54.100.53: [udp sum ok] 49301 A? www.gecapitalcorp.dp.ua. (41) (DF) (ttl 47, id 39909, len 69) 07:43:10.278262 193.124.54.100.53 > 12.175.0.44.5323: 49301 NXDomain*- q: A? www.gecapitalcorp.dp.ua. 0/1/0 ns: dp.ua. SOA[|domain] (ttl 63, id 12771, len 119) 07:43:10.279272 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 49811 A? www.gecapitalcorp.ivano-frankivsk.ua. (54) (DF) (ttl 47, id 39915, len 82) 07:43:10.280712 193.124.48.100.53 > 12.175.0.44.5323: 49811 NXDomain*- q: A? www.gecapitalcorp.ivano-frankivsk.ua. 0/1/0[|domain] (ttl 63, id 12772, len 144) 07:43:10.281824 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 50578 A? www.gecapitalcorp.kherson.ua. (46) (DF) (ttl 47, id 39922, len 74) 07:43:10.283077 193.124.48.100.53 > 12.175.0.44.5323: 50578 NXDomain*- q: A? www.gecapitalcorp.kherson.ua. 0/1/0 ns: kherson.ua. (109) (ttl 63, id 12773, len 137) 07:43:10.290011 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 20445 A? www.gecapitalcorp.ks.ua. (41) (DF) (ttl 47, id 39938, len 69) 07:43:10.291226 193.124.48.100.53 > 12.175.0.44.5323: 20445 NXDomain*- q: A? www.gecapitalcorp.ks.ua. 0/1/0 ns: ks.ua. SOA[|domain] (ttl 63, id 12775, len 140) 07:43:10.303266 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 50354 A? www.gecapitalcorp.te.ua. (41) (DF) (ttl 47, id 39975, len 69) 07:43:10.304687 193.124.48.100.53 > 12.175.0.44.5323: 50354 NXDomain*- q: A? www.gecapitalcorp.te.ua. 0/1/0 ns: te.ua. SOA[|domain] (ttl 63, id 12779, len 123) 07:43:10.310722 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 23503 A? www.gecapitalcorp.uzhgorod.ua. (47) (DF) (ttl 47, id 39987, len 75) 07:43:10.311967 193.124.48.100.53 > 12.175.0.44.5323: 23503 NXDomain*- q: A? www.gecapitalcorp.uzhgorod.ua. 0/1/0 ns: uzhgorod.ua. (102) (ttl 63, id 12781, len 130) 07:43:10.330598 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 32401 A? www.gecapitalcorp.zhitomir.ua. (47) (DF) (ttl 47, id 40003, len 75) 07:43:10.331876 193.124.48.100.53 > 12.175.0.44.5323: 32401 NXDomain*- q: A? www.gecapitalcorp.zhitomir.ua. 0/1/0 ns: zhitomir.ua. (101) (ttl 63, id 12786, len 129) 07:43:10.368711 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 36992 A? www.gecapitalcorp.kh.ua. (41) (DF) (ttl 47, id 40021, len 69) 07:43:10.370034 193.124.48.100.53 > 12.175.0.44.5323: 36992 NXDomain*- q: A? www.gecapitalcorp.kh.ua. 0/1/0 ns: kh.ua. SOA[|domain] (ttl 63, id 12792, len 113) 07:43:11.136415 12.175.0.44.5323 > 193.124.54.100.53: 19706[|domain] (DF) (ttl 47, id 40863, len 84) 07:43:11.137758 193.124.54.100.53 > 12.175.0.44.5323: 19706 NXDomain*- q:[|domain] (ttl 63, id 12867, len 146) 07:43:11.138879 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 25754 A? www.gecapitalcredit.kherson.ua. (48) (DF) (ttl 47, id 40872, len 76) 07:43:11.140216 193.124.48.100.53 > 12.175.0.44.5323: 25754 NXDomain*- q: A? www.gecapitalcredit.kherson.ua. 0/1/0 ns: kherson.ua. (111) (ttl 63, id 12868, len 139) 07:43:11.190213 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 50527 A? www.gecapitalcredit.uzhgorod.ua. (49) (DF) (ttl 47, id 40926, len 77) 07:43:11.191496 193.124.48.100.53 > 12.175.0.44.5323: 50527 NXDomain*- q: A? www.gecapitalcredit.uzhgorod.ua. 0/1/0 ns: uzhgorod.ua. (104) (ttl 63, id 12871, len 132) 07:43:11.206779 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 55121 A? www.gecapitalcredit.zhitomir.ua. (49) (DF) (ttl 47, id 40940, len 77) 07:43:11.208071 193.124.48.100.53 > 12.175.0.44.5323: 55121 NXDomain*- q: A? www.gecapitalcredit.zhitomir.ua. 0/1/0 ns: zhitomir.ua. (103) (ttl 63, id 12872, len 131) 07:43:12.054003 12.175.0.44.5323 > 193.124.54.100.53: 43053[|domain] (DF) (ttl 47, id 41797, len 89) 07:43:12.055240 193.124.54.100.53 > 12.175.0.44.5323: 43053 NXDomain*- q:[|domain] (ttl 63, id 12953, len 151) 07:43:12.061433 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 56573 A? www.gecapitalcredit-card.kh.ua. (48) (DF) (ttl 47, id 41807, len 76) 07:43:12.062643 193.124.48.100.53 > 12.175.0.44.5323: 56573 NXDomain*- q: A? www.gecapitalcredit-card.kh.ua. 0/1/0 ns: kh.ua. (92) (ttl 63, id 12954, len 120) 07:43:12.106980 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 16445 A? www.gecapitalcredit-card.te.ua. (48) (DF) (ttl 47, id 41865, len 76) 07:43:12.108275 193.124.48.100.53 > 12.175.0.44.5323: 16445 NXDomain*- q: A? www.gecapitalcredit-card.te.ua. 0/1/0 ns: te.ua. (102) (ttl 63, id 12960, len 130) 07:43:12.122721 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 17717 A? www.gecapitalcredit-card.uzhgorod.ua. (54) (DF) (ttl 47, id 41885, len 82) 07:43:12.124046 193.124.48.100.53 > 12.175.0.44.5323: 17717 NXDomain*- q: A? www.gecapitalcredit-card.uzhgorod.ua. 0/1/0[|domain] (ttl 63, id 12962, len 137) 07:43:12.125214 12.175.0.44.5323 > 193.124.48.100.53: [udp sum ok] 48184 A? www.gecapitalcredit-card.zhitomir.ua. (54) (DF) (ttl 47, id 41887, len 82) 07:43:12.126413 193.124.48.100.53 > 12.175.0.44.5323: 48184 NXDomain*- q: A? www.gecapitalcredit-card.zhitomir.ua. 0/1/0[|domain] (ttl 63, id 12963, len 136) ^C 2045 packets received by filter 0 packets dropped by kernel -- Best regards, Paul Arakelyan. =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
participants (1)
-
Paul Arakelyan