The Latest in IT Security

Dynamic DNS sites you might want to block II

29
Nov
2012

These Dynamic DNS domains belong to a mystery outfit called dnsdynamic.org, and several of them seem to be in the process of being abused by third parties (for example). The registrations seem to be anonymised, some poking around at the recent WHOIS history of one of these domains (freedynamicdns.com) reveals ownership details of:

      Manager, Domain  [email protected]
      Invertebrate ISP
      PO Box 405
      Glenmont, New York 12077
      United States
      +1.2623946781

More digging at invertabrateisp.com comes up with a real name:

      Wilde, Tim  [redacted]
      [redacted]
      Glenmont, New York 12077
      United States
      [redacted]      Fax -- 

Anyway, Mr Wilde is  not connected with the malicious activity going on with these domains, but he is providing a service that is being abused. Interestingly he founded DynDNS before selling it on.

Dynamic DNS services can be useful, but my personal recommendation is that you should consider blocking them as the bad guys are very good at abusing them. Overall, these are not as bad as the ones run by ChangeIP.com (see here).

There are two versions of this list, one links through to the Google
Safe Browsing diagnostics report in case you want to review them on a
case-by-case basis before blocking them (yellow highlighted ones have some malware, red
highlighted ones are blocked by Google). The second one is a plain list
of everything in case you want to block them completely.

adultdns.net [report]
andrewhaberman.com [report]
ddns01.eu [report]
ddnsd.eu [report]
dns53.biz [report]
dnsapi.info [report]
dnsd.info [report]
dnsd.me [report]
dnsdynamic.com [report]
dnsdynamic.net [report]
dnsdynamic.org [report]
fe100.net [report]
freedynamicdns.com [report]
ftp21.net [report]
http80.info [report]
https443.com [report]
imap01.com [report]
ns360.info [report]
ole32.com [report]
ssh01.com [report]
ssh22.net [report]
tftpd.net [report]
ttl60.com [report]
ttl60.org [report]
user32.com [report]
voip01.com [report]
wow64.net [report]

Plain list for copy-and-pasting:
adultdns.net
andrewhaberman.com
ddns01.eu
ddnsd.eu
dns53.biz
dnsapi.info
dnsd.info
dnsd.me
dnsdynamic.com
dnsdynamic.net
dnsdynamic.org
fe100.net
freedynamicdns.com
ftp21.net
http80.info
https443.com
imap01.com
ns360.info
ole32.com
ssh01.com
ssh22.net
tftpd.net
ttl60.com
ttl60.org
user32.com
voip01.com
wow64.net

Leave a reply


Categories

FRIDAY, NOVEMBER 17, 2017

Featured

Archives

Latest Comments

Social Networks