Configuration error or new exploit? (recursion denied)

rafe at notreally.spamcop.net rafe at notreally.spamcop.net
Sat May 1 21:10:54 UTC 2004 

Has anyone seen an exploit based on source root nameserver queries?
We've seen a few of these, usually no more than 60 or so packets at a
time, all from different sources.  Could be spoofed, or otherwise hacked,
but it doesn't look like a typical scan.

Rafael



May 1 11:39:35 named[122]: denied recursion for query from [63.208.234.20].33849 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [66.150.162.20].33101 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [64.94.42.20].33849 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [66.150.210.20].33802 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [64.94.13.20].33379 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [64.94.18.20].33796 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [64.157.185.139].32957 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [219.96.127.99].32822 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [212.118.251.139].33909 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [202.189.142.20].33318 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [61.88.56.7].32818 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [218.30.127.20].33013 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [211.155.227.20].32895 for . IN
May 1 11:39:35 named[122]: denied recursion for query from [203.200.238.20].33000 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [218.30.127.20].33013 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [63.208.234.20].33849 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [219.96.127.99].32822 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [61.88.56.7].32818 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [202.189.142.20].33318 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [212.118.251.139].33909 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [66.150.210.20].33802 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [64.94.13.20].33379 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [64.157.185.139].32957 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [66.150.162.20].33101 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [66.151.135.20].32781 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [203.200.238.20].33000 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [64.94.42.20].33849 for . IN
May 1 11:39:36 named[122]: denied recursion for query from [64.94.18.20].33796 for . IN
May 1 11:39:37 named[122]: denied recursion for query from [211.155.227.20].32895 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [64.157.185.139].32957 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [212.118.251.139].33909 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [218.30.127.20].33013 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [202.189.142.20].33318 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [64.94.18.20].33796 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [66.150.210.20].33802 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [64.94.13.20].33379 for . IN
May 1 11:44:36 named[122]: denied recursion for query from [63.208.234.20].33849 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [66.150.162.20].33101 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [61.88.56.7].32818 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [219.96.127.99].32822 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [218.30.127.20].33013 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [66.151.135.20].32781 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [64.94.42.20].33849 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [203.200.238.20].33000 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [64.157.185.139].32957 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [212.118.251.139].33909 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [202.189.142.20].33318 for . IN
May 1 11:44:37 named[122]: denied recursion for query from [211.155.227.20].32895 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [61.88.56.7].32818 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [219.96.127.99].32822 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [66.151.135.20].32781 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [63.208.234.20].33849 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [66.150.162.20].33101 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [64.94.42.20].33849 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [66.150.210.20].33802 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [64.94.13.20].33379 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [64.94.18.20].33796 for . IN
May 1 11:44:38 named[122]: denied recursion for query from [211.155.227.20].32895 for . IN
May 1 11:44:39 named[122]: denied recursion for query from [203.200.238.20].33000 for . IN

More information about the bind-users mailing list