notify question section contains no SOA: 1 Time(s)
Tim Maestas
tmaestas at dnsconsultants.com
Fri Jan 3 02:53:07 UTC 2003
>
> In fact, we have the answer:
>
> 12/30/02-00:16:44.089887 [**] [1:1616:1] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 131.193.178.100:1264 -> xxx.xxx.xxx.xxx:53
>
> The above happened at the same time as one of the messages regarding a
> malformed NOTIFY.
>
> 100.178.193.131.in-addr.arpa is an alias for 100.0-24.178.193.131.in-addr.arpa.
> 100.0-24.178.193.131.in-addr.arpa domain name pointer network-surveys.cr.yp.to.
>
Yeah, I've seen these too. It's DJB's survey scans.....
-Tim
> -rob
>
> (You gotta love when someone responds to their own messages. Not!)
>
> -- Attached file included as plaintext by Ecartis --
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+FPUNOVBTTvic5hMRAnImAJ4/6hpvSw4CsCOuqvwGSdG8rpDQcwCg+QDC
> vKXet+Fi0gWPeb2G6iZWi2w=
> =HuwR
> -----END PGP SIGNATURE-----
>
>
>
More information about the bind-users
mailing list