* The Business of Software

A community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.


DOS Attack from 67.215.65.132 (OpenDNS)

My server is also being hammered by domain names that always resolve to 67.215.65.132. This address apparently belongs to OpenDNS which seems to be a legit company.

The behavior is the same as described in the previous post, but they don't contain the SBUA user agent.

I've found some information online about this IP, and it seems involved in forum spam (about drugs) and apparently a guy in a Spanish Linux forum was complaining his ftp server had been attacked by this IP.

Here are some of the domain names:
retail.dynamic.sify.net        
8323316588-host.servainet.com        
static.unknown.charter.com    
54.60.in-addr.arpa
132.115.in-addr.arpa

New ones are showing up every day, but they always resolve to 67.215.65.132: hit-nxdomain.opendns.com

I already contacted abuse@opendns.com but got no reply so far.

What might be going on? Why ME???
Fernando Rodriguez (EasyJob Resume Builder)
Thursday, August 13, 2009
 
 
If your machine's DNS server is pointing to OpenDNS, then everything will resolve to OpenDNS (all unknown domains). They do that in order to "suggest" alternative searches to you. That's how they make money.

So, resolving to opendns, does not mean that they own it.
Saurabh
Thursday, August 13, 2009
 
 
Saurabh was right on the money with that reply.  Are you sure you aren't using OpenDNS as your DNS server?
SM
Thursday, August 13, 2009
 
 
Sorry, I hit enter too soon.

Perhaps you are getting DOS'ed from a spoofed IP that does not resolve at all, therefore it seems to lead back to OpenDNS. OpenDNS sounds like a red herring here; they are almost certainly not attacking you.
SM
Thursday, August 13, 2009
 
 
Yes, they are innocent and I'm getting 67.215.65.132 as a fallback address from OpenDNS because the domains are not resolving correctly.
Fernando Rodriguez (EasyJob Resume Builder)
Thursday, August 13, 2009
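
One way to keep log analysis from being misled by a resolver's fallback address like the one in this thread, as an added example that is not part of the original posts: probe the resolver with names that cannot exist, record whatever address comes back, and treat any log hostname that resolves only to that address as unresolved. The function names, the injectable `resolve` callable, the `.invalid` probe suffix and the sample zone are assumptions for illustration; it also assumes the resolver rewrites the probe names the same way it rewrites other nonexistent names.

```python
import socket
import uuid

REDIRECT = "67.215.65.132"  # fallback address reported in the thread
# Constructed sample data: one name that really exists, everything else does not.
CONSTRUCTED_ZONE = {"www.example.com": ["192.0.2.10"]}

def fake_hijacking_resolver(name):
    """Offline stand-in for a resolver that rewrites NXDOMAIN to REDIRECT."""
    return CONSTRUCTED_ZONE.get(name, [REDIRECT])

def system_resolve(name):
    """Live lookup through the machine's configured resolver."""
    return socket.gethostbyname_ex(name)[2]

def probe_nxdomain_addresses(resolve, probes=3, suffix="invalid"):
    """Resolve random names that cannot exist. An honest resolver raises;
    a rewriting resolver returns its fallback address(es)."""
    sentinels = set()
    for _ in range(probes):
        try:
            sentinels.update(resolve(f"{uuid.uuid4().hex}.{suffix}"))
        except OSError:  # socket.gaierror is a subclass: genuine NXDOMAIN
            pass
    return sentinels

def classify(names, resolve, sentinels):
    """Map each name to its real addresses, or None if it did not resolve
    or resolved only to the resolver's fallback address."""
    result = {}
    for name in names:
        try:
            real = set(resolve(name)) - sentinels
        except OSError:
            real = set()
        result[name] = sorted(real) or None
    return result

if __name__ == "__main__":
    sentinels = probe_nxdomain_addresses(fake_hijacking_resolver)
    log_names = ["www.example.com", "retail.dynamic.sify.net", "54.60.in-addr.arpa"]
    for name, addrs in classify(log_names, fake_hijacking_resolver, sentinels).items():
        print(name, "->", addrs if addrs else "unresolved (fallback address only)")
```

Pass `system_resolve` instead of the constructed resolver to check the machine's real DNS configuration.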
 
 
Several years ago I had a similar problem and my host company solved it by changing my server's IP address and leaving the 'old' IP address in a black hole.
glen harvy
Thursday, August 13, 2009
 
 
All OpenDNS does is quickly resolve domain requests to IPs. Sounds like the hacking community is simply using them as a very fast conduit to attack various IP locations quickly with little transparency. All these have to do is switch the IP on a few domains picked up by OpenDNS, and probably get immediate results as far as who they target. I would forget the IP and tell them what are the offending domains, and have them blacklisted. They should be able to control what domains they are processing for their clients?
Stormy
Friday, August 14, 2009
 
 

This topic is archived. No further replies will be accepted.
