DNS Exploit Attempts??
Terpasaur
emery.rudolph at gmail.com
Wed Jul 30 15:55:48 UTC 2008
Good morning.
I upgraded our last resolver this morning to the new P1 code and
turned on "rndc querylog". I am seeing a steady stream of these
messages with the same IP at a rate of about 100/min.
Jul 30 11:50:39 ns2 named[2780]: [ID 873579 daemon.info] security:
info: client 194.85.88.199#22941: query (cache) './ANY/IN' denied
Is this an example of the cache exploit attempt?
I've already spoken with our INET team about blocking the IP at the
firewall a couple of days to see if the automated mechanism stops
because of denied access, or if it continues regardless.
Thanks,
Emery Rudolph
Sr. Systems Analyst
Office of Information Technology
University of Maryland University College
Email: Erudolph at umuc.edu
More information about the bind-users
mailing list