Some sort of attack?
Doug Barton
DougB at DougBarton.net
Thu Jan 23 00:34:20 UTC 2003
On Wed, 22 Jan 2003, Mark wrote:
> Hi,
>
> Perusing my logs, my query-log (BIND 8.3.4, FreeBSD 4.7R) is suddenly filled
> with odd queries for "extra". Like so:
>
> .... XX /207.217.120.20/extra.asarian-host.net/MX/IN
>
> No "extra" exists, btw. It seems some form of attack. Many of these queries
> also come from legitimate name servers (from earthlink.net), so I cannot
> just block them all.
Put an answer for that query on your name server, and the queries will
slow down at least. Chances are someone sent out a spam with that as the
hostname, and mail servers all over the world are banging away looking for
who to send the bounces too.
Doug
--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
Do YOU Yahoo!?
More information about the bind-users
mailing list