Is them a buffer overflow attempt ?

Jim Reid jim at rfc1035.com
Sun Aug 6 11:29:21 UTC 2000


>>>>> "Andrew" == Andrew Stubbs <andrews at stusoft.com> writes:

    Andrew> I keep getting the following in my logs - is it somebody
    Andrew> triying to corrupt my DNS or just my paranoia:

    Andrew> (names changed to protect the (not) so innocent andrew

There was no point doing this.

    Andrew> Aug 5 22:37:53 portia named[117]: XX /137.226.112.zz/xx.com/A/IN
    Andrew> Aug 5 22:38:01 portia named[117]: XX /137.226.112.zz/xx.com/A/IN
    Andrew> Aug 5 22:38:02 portia named[117]: XX /137.226.144.zz/xx.com/A/IN
    Andrew> Aug 5 22:38:03 portia named[117]: XX /137.226.112.zz/xx.com/A/IN

    Andrew> and on and on for over half an hour

These are just standard log entries for queries. They're innocuous.
Unless these IP addresses are not supposed to be querying your name
server for A records for xx.com. Even then, it's hard to see how those
queries could be "corrupting your name server".



More information about the bind-users mailing list