[dns-operations] cctld enumeration attack

Thomas Dupas thomas.dupas at dnsbelgium.be
Thu Jun 13 07:04:51 UTC 2024


Hi Randy,

We saw a strange pattern a few days ago, which we initially thought came from Google resolvers, coming from GCE.
A few 10K qps per NS instance.
Block lasting ~12 hours, seemingly .com registrations attempted towards our cctld.

Br,

Thomas

From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Randy Bush <randy at psg.com>
Date: Wednesday, 12 June 2024 at 18:34
To: DNS Operations <dns-operations at dns-oarc.net>
Subject: [dns-operations] cctld enumeration attack
[Sommige personen die dit bericht ontvangen, ontvangen vaak geen e-mail van randy at psg.com. Informatie over waarom dit belangrijk is op https://aka.ms/LearnAboutSenderIdentification]<https://aka.ms/LearnAboutSenderIdentification%5d>

anyone else seeing somewhat serious distributed cctld enumeration
attempts?

randy
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations&data=05%7C02%7Cthomas.dupas%40dnsbelgium.be%7C76bd003a0eef431d351308dc8afd8aae%7C695195dec0cb447892042a861e60e59c%7C0%7C0%7C638538068766321960%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=uSGMrDl30DWQyOssYgHswQDoWsw4GdvHJJGrvB8eYCU%3D&reserved=0<https://lists.dns-oarc.net/mailman/listinfo/dns-operations>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20240613/5dd140b3/attachment.html>


More information about the dns-operations mailing list