recursion "normality"
Brad Knowles
brad.knowles at skynet.be
Fri May 18 01:21:52 UTC 2001
At 10:33 AM +1000 5/18/01, Glen Harvy wrote:

> Why is 198.xxx.xxx.xxx continually making these requests? Is this as a
> result of their mis-configuration or perhaps one of their users
> mis-configuration?

Almost certainly their misconfiguration. It could also be a sign
of someone attempting to cause your cache to be polluted, and use
that as a means to help them break into your network.

However, one should never assume malice when simple ignorance and
stupidity will do just fine.

> Is there anything I can do about it?

Not unless you want to block all DNS queries from their network.
I guess you could report this activity to the manager of the
registered owner of that network:

    % whois -h radb.ra.net 198.142.208.37
    route:      198.142.0.0/16
    descr:      Microplex PTY LTD
                25 Atchinson Street
                St Leonards
                NSW 2065, Australia
    origin:     AS4804
    notify:     mpx-noc at mpx.com.au
    mnt-by:     MPX-NOC
    changed:    terry at mpx.com.au 19980816
    source:     RADB

    route:      198.142.128.0/17
    descr:      Customer Route (of Telstra Corporation)
    origin:     AS1221
    tech-c:     TRDA1-TELSTRA
    notify:     irr at telstra.net
    mnt-by:     TELSTRA-RR
    changed:    dbadmin at telstra.net 20000823
    source:     TELSTRA

Other than that, and reporting this activity to SANS, I can't
think of much else you can do.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
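
Added example, not part of the original message: the whois reply above returns two overlapping route objects, so this sketch parses that output and lists the notify contacts for a querying address, most specific covering route first. The function names parse_objects and contacts_for are hypothetical, and the embedded sample is an abridged copy of the output quoted in the message.

```python
import ipaddress

# whois output from the message above, abridged; contact addresses kept as
# obfuscated by the list archive ("at" instead of "@").
SAMPLE = """\
route: 198.142.0.0/16
descr: Microplex PTY LTD
St Leonards
origin: AS4804
notify: mpx-noc at mpx.com.au
source: RADB
route: 198.142.128.0/17
descr: Customer Route (of Telstra Corporation)
origin: AS1221
notify: irr at telstra.net
source: TELSTRA
"""

def parse_objects(text):
    """Split whois text into route objects; each 'route:' line starts a new one."""
    objects, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep or not key or " " in key:
            continue  # blank line, command echo, or a continuation line
        if key == "route":
            current = {}
            objects.append(current)
        if current is not None:
            current.setdefault(key, []).append(value.strip())
    return objects

def contacts_for(ip, text):
    """Return (prefix, origin AS, notify list) for covering routes, longest prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for obj in parse_objects(text):
        try:
            net = ipaddress.ip_network(obj["route"][0], strict=False)
        except ValueError:
            continue  # malformed or empty prefix: ignore the object
        if addr in net:
            hits.append((net, obj.get("origin", ["?"])[0], obj.get("notify", [])))
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [(str(net), origin, notify) for net, origin, notify in hits]
```

For 198.142.208.37 the /17 object is listed ahead of the covering /16, so its notify contact comes first in a report.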