Skip to content

Instantly share code, notes, and snippets.

@pekeq
Last active April 10, 2023 05:37
Show Gist options
  • Save pekeq/6362508 to your computer and use it in GitHub Desktop.
Save pekeq/6362508 to your computer and use it in GitHub Desktop.
twitterのDNS Attackが、OCNのDNSキャッシュサーバーに残っていたので記録

twitterのDNS Attackが、OCNのDNSキャッシュサーバーに残っていたので記録してみた。

[2013/8/28 18:44追記] キャッシュの中身、正しいものになったようです。

nv6-ef701.ocn.ad.jp. (2001:380:0:4::1)

$ dig twimg.com ns @2001:380:0:4::1

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:4::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59697
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86213   IN      NS      ns5.boxsecured.com.
twimg.com.              86213   IN      NS      ns6.boxsecured.com.

;; Query time: 12 msec
;; SERVER: 2001:380:0:4::1#53(2001:380:0:4::1)
;; WHEN: Wed Aug 28 14:42:33 2013
;; MSG SIZE  rcvd: 85
$ dig twimg.com ns @2001:380:0:4::1

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:4::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11040
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86400   IN      NS      ns3.p34.dynect.net.
twimg.com.              86400   IN      NS      ns2.p34.dynect.net.
twimg.com.              86400   IN      NS      ns1.p34.dynect.net.
twimg.com.              86400   IN      NS      ns4.p34.dynect.net.

;; ADDITIONAL SECTION:
ns1.p34.dynect.net.     104     IN      AAAA    2001:500:90:1::34
ns3.p34.dynect.net.     263     IN      AAAA    2001:500:94:1::34

;; Query time: 11 msec
;; SERVER: 2001:380:0:4::1#53(2001:380:0:4::1)
;; WHEN: Wed Aug 28 18:43:58 2013
;; MSG SIZE  rcvd: 180

nv6-wf601.ocn.ad.jp. (2001:380:0:104::1)

$ dig twimg.com ns @2001:380:0:104::1

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:104::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9625
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86312   IN      NS      ns5.boxsecured.com.
twimg.com.              86312   IN      NS      ns6.boxsecured.com.

;; Query time: 14 msec
;; SERVER: 2001:380:0:104::1#53(2001:380:0:104::1)
;; WHEN: Wed Aug 28 14:42:51 2013
;; MSG SIZE  rcvd: 85
$ dig twimg.com ns @2001:380:0:104::1

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:104::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54999
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86400   IN      NS      ns3.p34.dynect.net.
twimg.com.              86400   IN      NS      ns1.p34.dynect.net.
twimg.com.              86400   IN      NS      ns2.p34.dynect.net.
twimg.com.              86400   IN      NS      ns4.p34.dynect.net.

;; ADDITIONAL SECTION:
ns1.p34.dynect.net.     225     IN      AAAA    2001:500:90:1::34
ns3.p34.dynect.net.     116     IN      AAAA    2001:500:94:1::34

;; Query time: 23 msec
;; SERVER: 2001:380:0:104::1#53(2001:380:0:104::1)
;; WHEN: Wed Aug 28 18:44:27 2013
;; MSG SIZE  rcvd: 180

nv-ew701.ocn.ad.jp. (202.234.233.222)

$ dig twimg.com ns @202.234.233.222

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.233.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3988
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              85417   IN      NS      ns5.boxsecured.com.
twimg.com.              85417   IN      NS      ns6.boxsecured.com.

;; ADDITIONAL SECTION:
ns5.boxsecured.com.     13806   IN      A       212.1.211.126

;; Query time: 21 msec
;; SERVER: 202.234.233.222#53(202.234.233.222)
;; WHEN: Wed Aug 28 14:43:07 2013
;; MSG SIZE  rcvd: 101
$ dig twimg.com ns @202.234.233.222

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.233.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25165
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86337   IN      NS      ns3.p34.dynect.net.
twimg.com.              86337   IN      NS      ns4.p34.dynect.net.
twimg.com.              86337   IN      NS      ns2.p34.dynect.net.
twimg.com.              86337   IN      NS      ns1.p34.dynect.net.

;; ADDITIONAL SECTION:
ns1.p34.dynect.net.     173     IN      AAAA    2001:500:90:1::34
ns3.p34.dynect.net.     204     IN      AAAA    2001:500:94:1::34

;; Query time: 6 msec
;; SERVER: 202.234.233.222#53(202.234.233.222)
;; WHEN: Wed Aug 28 18:44:45 2013
;; MSG SIZE  rcvd: 180

nv-ww601.ocn.ad.jp. (221.113.139.158)

$ dig twimg.com ns @221.113.139.158

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12123
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86278   IN      NS      ns6.boxsecured.com.
twimg.com.              86278   IN      NS      ns5.boxsecured.com.

;; Query time: 17 msec
;; SERVER: 221.113.139.158#53(221.113.139.158)
;; WHEN: Wed Aug 28 14:43:25 2013
;; MSG SIZE  rcvd: 85
$ dig twimg.com ns @221.113.139.158

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45632
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86400   IN      NS      ns2.p34.dynect.net.
twimg.com.              86400   IN      NS      ns1.p34.dynect.net.
twimg.com.              86400   IN      NS      ns3.p34.dynect.net.
twimg.com.              86400   IN      NS      ns4.p34.dynect.net.

;; ADDITIONAL SECTION:
ns1.p34.dynect.net.     31      IN      AAAA    2001:500:90:1::34
ns3.p34.dynect.net.     99      IN      AAAA    2001:500:94:1::34

;; Query time: 25 msec
;; SERVER: 221.113.139.158#53(221.113.139.158)
;; WHEN: Wed Aug 28 18:45:09 2013
;; MSG SIZE  rcvd: 180

nv-td501.ocn.ad.jp. (202.234.232.6)

$ dig twimg.com ns @202.234.232.6

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.232.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43192
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              67699   IN      NS      ns5.boxsecured.com.
twimg.com.              67699   IN      NS      ns6.boxsecured.com.

;; Query time: 8 msec
;; SERVER: 202.234.232.6#53(202.234.232.6)
;; WHEN: Wed Aug 28 14:57:51 2013
;; MSG SIZE  rcvd: 85
$ dig twimg.com ns @202.234.232.6

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.232.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49353
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86314   IN      NS      ns3.p34.dynect.net.
twimg.com.              86314   IN      NS      ns4.p34.dynect.net.
twimg.com.              86314   IN      NS      ns1.p34.dynect.net.
twimg.com.              86314   IN      NS      ns2.p34.dynect.net.

;; ADDITIONAL SECTION:
ns4.p34.dynect.net.     41498   IN      A       204.13.251.34
ns1.p34.dynect.net.     41468   IN      A       208.78.70.34
ns1.p34.dynect.net.     8       IN      AAAA    2001:500:90:1::34
ns2.p34.dynect.net.     41473   IN      A       204.13.250.34
ns3.p34.dynect.net.     41485   IN      A       208.78.71.34
ns3.p34.dynect.net.     82      IN      AAAA    2001:500:94:1::34

;; Query time: 5 msec
;; SERVER: 202.234.232.6#53(202.234.232.6)
;; WHEN: Wed Aug 28 18:45:28 2013
;; MSG SIZE  rcvd: 244

nv-kd501.ocn.ad.jp. (221.113.139.250)

$ dig twimg.com ns @221.113.139.250

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.250
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21673
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              75561   IN      NS      ns5.boxsecured.com.
twimg.com.              75561   IN      NS      ns6.boxsecured.com.

;; Query time: 17 msec
;; SERVER: 221.113.139.250#53(221.113.139.250)
;; WHEN: Wed Aug 28 14:58:35 2013
;; MSG SIZE  rcvd: 85
$ dig twimg.com ns @221.113.139.250

; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.250
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63764
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com.                     IN      NS

;; ANSWER SECTION:
twimg.com.              86400   IN      NS      ns1.p34.dynect.net.
twimg.com.              86400   IN      NS      ns2.p34.dynect.net.
twimg.com.              86400   IN      NS      ns4.p34.dynect.net.
twimg.com.              86400   IN      NS      ns3.p34.dynect.net.

;; ADDITIONAL SECTION:
ns2.p34.dynect.net.     41493   IN      A       204.13.250.34
ns4.p34.dynect.net.     41492   IN      A       204.13.251.34
ns3.p34.dynect.net.     41492   IN      A       208.78.71.34
ns3.p34.dynect.net.     299     IN      AAAA    2001:500:94:1::34
ns1.p34.dynect.net.     41522   IN      A       208.78.70.34
ns1.p34.dynect.net.     171     IN      AAAA    2001:500:90:1::34

;; Query time: 25 msec
;; SERVER: 221.113.139.250#53(221.113.139.250)
;; WHEN: Wed Aug 28 18:45:48 2013
;; MSG SIZE  rcvd: 244
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment