--- Begin Message ---
Hi Thomas and Randy,
For what it's worth and from an end-user perspective in this: as a holder of
many domains in many tlds, there's a new round of scams / spam where owners of
domain.cctld is informed domain.com <http://domain.com/> is in
pendingDelete/redemptionPeriod/... status, and trying to sell / auction the
domain.com <http://domain.com/>. (just got one this morning for a .com
equivalent to a .be I own)
"They" are probably building their lists...
Frank
> On 13 Jun 2024, at 09:04, Thomas Dupas via dns-operations
> <[email protected]> wrote:
>
>
> From: Thomas Dupas <[email protected]
> <mailto:[email protected]>>
> Subject: Re: [dns-operations] cctld enumeration attack
> Date: 13 June 2024 at 09:04:51 CEST
> To: Randy Bush <[email protected] <mailto:[email protected]>>
> Cc: DNS Operations <[email protected]
> <mailto:[email protected]>>
>
>
> Hi Randy,
>
> We saw a strange pattern a few days ago, which we initially thought came from
> Google resolvers, coming from GCE.
> A few 10K qps per NS instance.
> Block lasting ~12 hours, seemingly .com registrations attempted towards our
> cctld.
>
> Br,
>
> Thomas
>
> From: dns-operations <[email protected]
> <mailto:[email protected]>> on behalf of Randy Bush
> <[email protected] <mailto:[email protected]>>
> Date: Wednesday, 12 June 2024 at 18:34
> To: DNS Operations <[email protected]
> <mailto:[email protected]>>
> Subject: [dns-operations] cctld enumeration attack
>
> [Sommige personen die dit bericht ontvangen, ontvangen vaak geen e-mail van
> [email protected] <mailto:[email protected]>. Informatie over waarom dit belangrijk
> is op https://aka.ms/LearnAboutSenderIdentification]
> <https://aka.ms/LearnAboutSenderIdentification%5d>
>
> anyone else seeing somewhat serious distributed cctld enumeration
> attempts?
>
> randy
> _______________________________________________
> dns-operations mailing list
> [email protected] <mailto:[email protected]>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations&data=05%7C02%7Cthomas.dupas%40dnsbelgium.be%7C76bd003a0eef431d351308dc8afd8aae%7C695195dec0cb447892042a861e60e59c%7C0%7C0%7C638538068766321960%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=uSGMrDl30DWQyOssYgHswQDoWsw4GdvHJJGrvB8eYCU%3D&reserved=0
> <https://lists.dns-oarc.net/mailman/listinfo/dns-operations>
>
> _______________________________________________
> dns-operations mailing list
> [email protected] <mailto:[email protected]>
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
