

New domain bitstress.com being used in dns amplification attacks - caprock
http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html

======
caprock
Many dns amplification attacks have made use of the domain isc.org due to it's
large size and entry count. It looks like someone has now registered and setup
the new domain bitstress.com, as a possible alternative. Note the large number
of odd entries in the zone.

Some people have been using iptables to suppress dns amplification attacks, by
referencing isc.org with variations on the following theme/hash:

-A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|03697363036f726700|" \--algo bm --to 65535 -j just-drop

Here's a new variation for the new bitstress.com domain:

-A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|0962697473747265737303636f6d00|" \--algo bm --to 65535 -j just-drop

