help! (excessive queries for www.brodcast.net, stage.broder.c om)
Randy Adams
Randy.Adams at Telus.com
Thu Dec 28 20:51:27 UTC 2000
We've had a similar item here. different host, but it turned out to be some
of this spyware software..
Reporting back to the 'mothership' to get user specific advertising and post
local details...
It ended up choking one of the firewalls by filling the logs. even after the
software was uninstalled, the software dll kept puking out these requests...
Good luck.
-----Original Message-----
From: Scott Bertilson [mailto:scott at nts.umn.edu]
Sent: Thursday, December 28, 2000 1:41 PM
To: Duane Cox
Cc: bind-users at isc.org
Subject: Re: help! (excessive queries for www.brodcast.net,
stage.broder.com)
We've also had a number of machines wildly querying for
"stage.broder.com". Both of these addresses show up as
belonging to Broderbund Software. Any ideas as to what
is generating these queries or how to eliminate them would
be most helpful.
Thanks, Scott
> our nameservers are for the past week getting way overworked..
> when i started looking into this, i found out that our dialup customers
> apparently, unless the ip is spoofed, all of them seem to be sending this
> request
> below.. all for the same place, that does not exist... whats up?
>
> this is bind 8.2.2-p7 on redhat linux 7.0.
>
> duane cox
>
> --------------------------------------------------------
>
> 28-Dec-2000 14:19:59.930 queries: info:
> XX+/63.146.45.67/www.brodcast.net/A/IN
> 28-Dec-2000 14:20:00.150 queries: info:
> XX+/63.146.45.129/www.brodcast.net/A/IN
More information about the bind-users
mailing list