Not so easy and straightforward to do. You'll find that a lot of the big names out there frequently tweak DNS, which will result in a non-stop stream of "alerts".
Andy

Andrew Fried
andrew.fr...@gmail.com

On 6/20/13 3:57 PM, Jared Mauch wrote:
> It seems there may be a need for some sort of 'dns-health' check out there
> that can be done in semi-realtime.
>
> I ran a report for someone earlier today on a domain doing an xref against
> open resolver data searching for valid responses vs invalid ones.
>
> Is this of value? Does it need to be automated?
>
> - Jared
>
> On Jun 20, 2013, at 3:53 PM, jamie rishaw <j...@arpa.com> wrote:
>
>> This is most definitely a coordinated and planned attack.
>>
>> And by 'attack' I mean hijacking of domain names.
>>
>> I show as of this morning nearly fifty thousand domain names that appear
>> suspicious.
>>
>> I'm tempted to call uscentcom and/or related agencies (which agencies, who
>> the hell knows, as ICE seems to have some sort of authority over domains
>> (nearly two hundred fifty of them as I type this in COM alone and another
>> thirty-some in NET).
>>
>> Anyone credentialed (credentialed /n/., "I know you or know of you,")
>> wanting data, e-mail me off-list for some TLD goodness.
>>
>> On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan <philfa...@gmail.com> wrote:
>>
>>> Agreed in these "smaller" scenarios I just wonder if in a larger scale
>>> scenario, whatever that might look like, if it's necessary. Whereby many
>>> organizations who provide "services" are affected. Perhaps the result of a
>>> State-led campaign ....topic for another day.
>>>
>>> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <fergdawgs...@gmail.com> wrote:
>>>
>>>> I am betting that Netsol doesn't need any more "coordination" at the
>>>> moment -- their phones are probably ringing off-the-hook. There are
>>>> still ~400 domains still pointing to the ztomy NS:
>>>>
>>>> ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;parsonstech.com. IN NS
>>>>
>>>> ;; ANSWER SECTION:
>>>> parsonstech.com. 172800 IN NS ns2617.ztomy.com.
>>>> parsonstech.com. 172800 IN NS ns1617.ztomy.com.
>>>>
>>>> ;; Query time: 286 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>> ;; WHEN: Thu Jun 20 19:16:25 2013
>>>> ;; MSG SIZE rcvd: 81
>>>>
>>>> - ferg
>>>>
>>>> On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan <philfa...@gmail.com> wrote:
>>>>
>>>>> I should caveat.....coordinate the "recovery" of.
>>>>>
>>>>> On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth
>>>>> <bran...@rd.bbc.co.uk> wrote:
>>>>>
>>>>>>> Is there an organization that coordinates outages like this amongst the
>>>>>>> industry?
>>>>>>
>>>>>> No, usually they are surprise outages though Anonymous have tried
>>>>>> coordinating a few
>>>>>>
>>>>>> brandon
>>>>>
>>>>> --
>>>>> Phil Fagan
>>>>> Denver, CO
>>>>> 970-480-7618
>>>>
>>>> --
>>>> "Fergie", a.k.a. Paul Ferguson
>>>> fergdawgster(at)gmail.com
>>>
>>> --
>>> Phil Fagan
>>> Denver, CO
>>> 970-480-7618
>>
>> --
>> Jamie Rishaw // .com.arpa@j <- reverse it. ish.
>> [Impressive C-level Title Here], arpa / arpa labs
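
One way to keep a 'dns-health' check of the kind discussed in this thread from producing a non-stop stream of alerts, as an added example that is not from any poster: parse NS answers out of dig output, compare them with a stored baseline, and alert only when a zone moves to a nameserver operator absent from its baseline. The baseline values, the `busy-brand.example.` zone and all function names are constructed for illustration, and the two-label operator key is a simplification.

```python
# Added example. Baseline data and helper names are hypothetical.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;parsonstech.com. IN NS

;; ANSWER SECTION:
parsonstech.com. 172800 IN NS ns2617.ztomy.com.
parsonstech.com. 172800 IN NS ns1617.ztomy.com.

;; Query time: 286 msec
"""

# Constructed baseline: the thread does not give the pre-incident delegation.
BASELINE = {
    "parsonstech.com.": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "busy-brand.example.": {"ns1.cdn-dns.example.", "ns2.cdn-dns.example."},
}

def parse_dig_ns(text):
    """Return {owner: set(ns targets)} from the ANSWER SECTION of dig output."""
    result, in_answer = {}, False
    for line in text.splitlines():
        if line.startswith(";;"):
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        fields = line.split()
        if in_answer and len(fields) == 5 and fields[2:4] == ["IN", "NS"]:
            result.setdefault(fields[0].lower(), set()).add(fields[4].lower())
    return result

def operator(ns_name):
    """Naive operator key: last two labels (real use needs the Public Suffix List)."""
    return ".".join(ns_name.rstrip(".").split(".")[-2:])

def delegation_alerts(baseline, observed):
    """Alert only when a zone's NS set includes an operator not in its baseline."""
    alerts = []
    for zone, ns_set in sorted(observed.items()):
        known = {operator(ns) for ns in baseline.get(zone, set())}
        new_ops = {operator(ns) for ns in ns_set} - known
        if known and new_ops:
            alerts.append((zone, sorted(new_ops)))
    return alerts

if __name__ == "__main__":
    observed = parse_dig_ns(DIG_OUTPUT)
    # Constructed: a routine rename within the same operator must not alert.
    observed["busy-brand.example."] = {"ns7.cdn-dns.example."}
    for zone, ops in delegation_alerts(BASELINE, observed):
        print(f"ALERT {zone} now delegated to {ops}")
```

Zones with no baseline entry are skipped rather than alerted on, so first sightings need a separate enrolment step.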