DoS?

Cricket Liu cricket at menandmice.com
Thu Oct 24 15:09:34 UTC 2002


Sam Pointer wrote:
> I am also now receiving these from another 2 IP addresses in Mexico.
> Again, because of your advice I am not concerned and post merely out
> of interest. The IPs are 207.248.224.71 and 207.248.224.72, and are
> assigned to a completely different company.
>
> The records they are trying to insert are *exactly* the same..., and
> I mean exactly - even down to the machine-specifc portions of the
> records... which leads me to think that this may be more than a
> simple screw-up on someone's part.
>
> Maybe I am being overly paranoid, maybe not (here's some examples):
>
> client 200.76.208.70#54177: query:
> _ldap._tcp.447095c0-a735-4352-81a2-e96529823cab.domains._msdcs.hpdsc.com
> IN SOA
> client 207.248.224.71#17100: query:
> _ldap._tcp.447095c0-a735-4352-81a2-e96529823cab.domains._msdcs.hpdsc.com
> IN SOA
>
> client 207.248.224.71#16265: query: PRDCMX01.hpdsc.com IN SOA
> client 200.76.208.65#3711: query: PRDCMX01.hpdsc.com IN SOA

These aren't records those clients are trying to insert; they're records
those
clients are trying to look up.  And they're exactly the same because you're
dealing with clients for the same AD domain.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/



More information about the bind-users mailing list