Some sort of attack?
DougB at DougBarton.net
Thu Jan 23 00:34:20 UTC 2003
On Wed, 22 Jan 2003, Mark wrote:
> Perusing my logs, my query-log (BIND 8.3.4, FreeBSD 4.7R) is suddenly filled
> with odd queries for "extra". Like so:
> .... XX /188.8.131.52/extra.asarian-host.net/MX/IN
> No "extra" exists, btw. It seems some form of attack. Many of these queries
> also come from legitimate name servers (from earthlink.net), so I cannot
> just block them all.
Put an answer for that query on your name server, and the queries will
slow down at least. Chances are someone sent out a spam with that as the
hostname, and mail servers all over the world are banging away looking for
who to send the bounces too.
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
Do YOU Yahoo!?
More information about the bind-users