help! (excessive queries for www.brodcast.net, stage.broder.com)

Lepera, Francis J flep at bnl.gov
Thu Dec 28 21:33:20 UTC 2000


Gentlemen...

We are also seeing many many DNS queries for "net.brodcast.net"
We are also seeing many queries for "WWW.BRODCASTNET".
Both, of course, are erroneous domain names.

Any clue as to what's causing these queries??
Any further information you have regarding this problem
would be appreciated.

Is there a fix for this??

Francis J. Lepera [flep at bnl.gov]
Cyber Security Section
Information Technology Division
Brookhaven National Laboratory
631-344-4183

-----Original Message-----
From: Scott Bertilson [mailto:scott at nts.umn.edu]
Sent: Thursday, December 28, 2000 3:41 PM
To: Duane Cox
Cc: bind-users at isc.org
Subject: Re: help! (excessive queries for www.brodcast.net,
stage.broder.com)



  We've also had a number of machines wildly querying for
"stage.broder.com".  Both of these addresses show up as
belonging to Broderbund Software.  Any ideas as to what
is generating these queries or how to eliminate them would
be most helpful.
				Thanks, Scott

> our nameservers are for the past week getting way overworked..
> when i started looking into this, i found out that our dialup customers
> apparently, unless the ip is spoofed, all of them seem to be sending this
> request
> below.. all for the same place, that does not exist... whats up?
> 
> this is bind 8.2.2-p7 on redhat linux 7.0.
> 
> duane cox
> 
> --------------------------------------------------------
> 
> 28-Dec-2000 14:19:59.930 queries: info: XX+/63.146.45.67/www.brodcast.net/A/IN
> 28-Dec-2000 14:20:00.150 queries: info: XX+/63.146.45.129/www.brodcast.net/A/IN
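
An added example, not part of the original messages: a Python tally over BIND 8 query-log lines in the format quoted above, showing which names dominate the log and how many distinct clients ask for each. Only the first two sample lines come from the thread; the rest are constructed, each entry is assumed to sit on one line, and the thresholds in `suspects` are arbitrary assumptions.

```python
import re
from collections import Counter, defaultdict

# Entry format as quoted in the thread, assumed to be one line per query:
#   <date> <time> queries: info: XX+/<client>/<qname>/<qtype>/<qclass>
# The thread shows "XX+"; any single flag character there is accepted (assumption).
ENTRY = re.compile(
    r"queries: info: XX[^/]?/(?P<client>[^/\s]+)/(?P<qname>[^/\s]+)/\w+/\w+"
)

# First two lines are from the thread; the others are constructed sample data.
SAMPLE_LOG = """\
28-Dec-2000 14:19:59.930 queries: info: XX+/63.146.45.67/www.brodcast.net/A/IN
28-Dec-2000 14:20:00.150 queries: info: XX+/63.146.45.129/www.brodcast.net/A/IN
28-Dec-2000 14:20:00.410 queries: info: XX+/192.0.2.10/WWW.BRODCAST.NET/A/IN
28-Dec-2000 14:20:00.900 queries: info: XX+/192.0.2.10/www.brodcast.net/A/IN
28-Dec-2000 14:20:01.020 queries: info: XX+/192.0.2.11/stage.broder.com/A/IN
28-Dec-2000 14:20:01.300 queries: info: XX+/192.0.2.12/www.example.org/A/IN
28-Dec-2000 14:20:01.500 default: info: constructed non-query line
"""


def parse(lines):
    """Yield (client, qname) per query entry; names are case-folded for counting."""
    for line in lines:
        m = ENTRY.search(line)
        if m:
            yield m.group("client"), m.group("qname").lower().rstrip(".")


def summarize(lines):
    """Return [(qname, query_count, distinct_clients)], busiest name first."""
    counts = Counter()
    clients = defaultdict(set)
    for client, qname in parse(lines):
        counts[qname] += 1
        clients[qname].add(client)
    return [(name, n, len(clients[name])) for name, n in counts.most_common()]


def suspects(lines, min_queries=3, min_clients=2):
    """Names queried repeatedly by several clients (thresholds are assumptions)."""
    return [r for r in summarize(lines) if r[1] >= min_queries and r[2] >= min_clients]


if __name__ == "__main__":
    for name, n, c in summarize(SAMPLE_LOG.splitlines()):
        print(f"{n:6d} queries  {c:4d} clients  {name}")
```

A name requested by many distinct clients points at software common to those machines rather than one misbehaving host, which is the pattern the dialup report above describes.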



