* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

DOS Attack from (OpenDNS)

My server is also being hammered by domain names that always resolve to This address apparently belongs to OpenDNS, which seems to be a legit company.

The behavior is the same as described in the previous post, but they don't contain the SBUA user agent.

I've found some information online about this IP, and it seems involved in forum spam (about drugs) and apparently a guy in a Spanish Linux forum was complaining his ftp server had been attacked by this IP.

Here are some of the domain names:

New ones are showing up every day, but they always resolve to hit-nxdomain.opendns.com

I already contacted abuse@opendns.com but got no reply so far.

What might be going on? Why ME???
Fernando Rodriguez (EasyJob Resume Builder)
Thursday, August 13, 2009
If your machine's DNS server is pointing to OpenDNS, then everything will resolve to OpenDNS (all unknown domains). They do that in order to "suggest" alternative searches to you. That's how they make money.

So resolving to OpenDNS does not mean that they own it.
Saurabh
Thursday, August 13, 2009
Saurabh was right on the money with that reply. Are you sure you aren't using OpenDNS as your DNS server?
SM
Thursday, August 13, 2009
Sorry, I hit enter too soon.

Perhaps you are getting DOS'ed from a spoofed IP that does not resolve at all, therefore it seems to lead back to OpenDNS. OpenDNS sounds like a red herring here; they are almost certainly not attacking you.
SM
Thursday, August 13, 2009
Yes, they are innocent and I'm getting as a fallback address from OpenDNS because the domains are not resolving correctly.
Fernando Rodriguez (EasyJob Resume Builder)
Thursday, August 13, 2009
Several years ago I had a similar problem and my host company solved it by changing my server's IP address and leaving the 'old' IP address in a black hole.
glen harvy
Thursday, August 13, 2009
All OpenDNS does is quickly resolve domain requests to IPs. Sounds like the hacking community is simply using them as a very fast conduit to attack various IP locations quickly with little transparency. All these have to do is switch the IP on a few domains picked up by OpenDNS, and probably get immediate results as far as who they target. I would forget the IP and tell them what are the offending domains, and have them blacklisted. They should be able to control what domains they are processing for their clients?
Stormy
Friday, August 14, 2009
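
The catch-all behaviour discussed in this thread can be checked directly. This is an added example, not code from any poster: it finds the address the configured resolver returns for names that cannot exist, then sorts hostnames taken from server logs into those that really resolve and those that only hit the catch-all. The function names, the probe name pattern and the sample hostnames are assumptions made for the illustration.

```python
import secrets
import socket


def system_resolve(name):
    """Return the IPv4 address the system resolver gives for name, or None."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror (NXDOMAIN, SERVFAIL, ...) is a subclass
        return None


def nxdomain_catchall(resolve=system_resolve, probes=3):
    """Resolve long random .com names, assumed unregistered because the label
    is 32 random hex characters. Any answer is therefore the resolver's
    catch-all address. An empty set means NXDOMAIN is passed through."""
    answers = set()
    for _ in range(probes):
        addr = resolve(f"probe-{secrets.token_hex(16)}.com")
        if addr is not None:
            answers.add(addr)
    return answers


def triage(hostnames, resolve=system_resolve, probes=3):
    """Split log hostnames into names with a real address and names that
    do not resolve or only 'resolve' to the catch-all address."""
    catchall = nxdomain_catchall(resolve, probes)
    real, unresolved = {}, []
    for name in hostnames:
        addr = resolve(name)
        if addr is None or addr in catchall:
            unresolved.append(name)
        else:
            real[name] = addr
    return catchall, real, unresolved


if __name__ == "__main__":
    # Constructed sample names; replace with hostnames from your own logs.
    sample = ["example.com", "no-such-host-for-demo.example"]
    catchall, real, unresolved = triage(sample)
    print("catch-all addresses:", sorted(catchall) or "none")
    print("resolve normally:", real)
    print("do not really resolve:", unresolved)
```

If the catch-all set is not empty, an address shared by many unrelated log hostnames says nothing about who operates them.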

This topic is archived. No further replies will be accepted.
