<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Aptos;
        panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:12.0pt;
        font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Aptos",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;
        mso-ligatures:none;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Randy,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We saw a strange pattern a few days ago, which we initially thought came from Google resolvers, coming from GCE.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">A few 10K qps per NS instance.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Block lasting ~12 hours, seemingly .com registrations attempted towards our cctld.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Br,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thomas<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">dns-operations &lt;dns-operations-bounces@dns-oarc.net&gt; on behalf of Randy Bush &lt;randy@psg.com&gt;<br>
<b>Date: </b>Wednesday, 12 June 2024 at 18:34<br>
<b>To: </b>DNS Operations &lt;dns-operations@dns-oarc.net&gt;<br>
<b>Subject: </b>[dns-operations] cctld enumeration attack<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">
anyone else seeing somewhat serious distributed cctld enumeration<br>
attempts?<br>
<br>
randy<br>
_______________________________________________<br>
dns-operations mailing list<br>
dns-operations@lists.dns-oarc.net<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>