notify question section contains no SOA: 1 Time(s)

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 3 16:50:14 UTC 2003


Tim Maestas wrote:

>>In fact, we have the answer:
>>
>>12/30/02-00:16:44.089887  [**] [1:1616:1] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 131.193.178.100:1264 -> xxx.xxx.xxx.xxx:53
>>
>>The above happened at the same time as one of the messages regarding a
>>malformed NOTIFY.
>>
>>100.178.193.131.in-addr.arpa is an alias for 100.0-24.178.193.131.in-addr.arpa.
>>100.0-24.178.193.131.in-addr.arpa domain name pointer network-surveys.cr.yp.to.
>>
>
>Yeah, I've seen these too.  It's DJB's survey scans.....
>
Oh, right. Just ignore any malformed packets you see coming from a 
cr.yp.to domain; the domain owner is chronically unwilling to follow 
modern DNS standards :-)

- Kevin






More information about the bind-users mailing list