DNS attacks

Graeme Fowler graeme at graemef.net
Sat Jul 26 11:42:53 UTC 2008


On Fri, 2008-07-25 at 09:46 -0700, Wolfgang S. Rupprecht wrote:
> James Kosin posted a message on the fedora mailing list that he is
> actually seeing DNS attack messages in his log files.  The message is
> archived here: 
> 
>  http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278

...if you look at the addresses in use there, and you look in your logs
and see the same thing, you might find some interesting queries which
make it pretty obvious what those queries are for. They're not
malicious; they're not an attack; they're data collection.

I emailed Dan Kaminsky about this and he told me:

> That's the scan that's finding patches.

I've just asked for a bit of clarification on this; the pattern of the
queries is interesting - those who have the same type of queries in
their logs might take note of the unchanging source port...

The sky isn't falling... yet.

Graeme
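
One way to check your own query logs for the unchanging source port mentioned above, as an added example that is not part of the original post. It assumes BIND 9 query logging in the `client <ip>#<port>: query: <name> <class> <type>` shape; the sample lines, addresses and names are constructed, and `fixed_port_clients` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Assumed BIND 9 query-log shape:
#   <timestamp> queries: info: client <ip>#<port>: query: <name> <class> <type> <flags>
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE_LOG = """\
26-Jul-2008 10:01:02.101 queries: info: client 192.0.2.10#32768: query: www.example.net IN A +
26-Jul-2008 10:01:03.412 queries: info: client 198.51.100.7#40211: query: a1.probe.example.org IN A -
26-Jul-2008 10:01:03.640 queries: info: client 198.51.100.7#40211: query: a2.probe.example.org IN A -
26-Jul-2008 10:01:04.005 queries: info: client 192.0.2.10#51422: query: mail.example.net IN MX +
26-Jul-2008 10:01:04.222 queries: info: client 198.51.100.7#40211: query: a3.probe.example.org IN A -
26-Jul-2008 10:01:05.900 queries: info: client 192.0.2.10#1187: query: example.net IN NS +
26-Jul-2008 10:01:06.100 queries: info: client 203.0.113.5#5353: query: example.net IN A +
"""


def fixed_port_clients(lines, min_queries=3):
    """Return clients that sent at least min_queries queries, all from one source port."""
    ports = defaultdict(set)   # client IP -> distinct source ports seen
    names = defaultdict(list)  # client IP -> "qname qtype" for each query
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query-log line
        ports[m["ip"]].add(int(m["port"]))
        names[m["ip"]].append(f'{m["name"]} {m["qtype"]}')
    return {
        ip: {"port": next(iter(ports[ip])), "queries": names[ip]}
        for ip in ports
        if len(ports[ip]) == 1 and len(names[ip]) >= min_queries
    }


if __name__ == "__main__":
    for ip, hit in fixed_port_clients(SAMPLE_LOG.splitlines()).items():
        print(f'{ip} used only source port {hit["port"]} for {len(hit["queries"])} queries:')
        for q in hit["queries"]:
            print(f"  {q}")
```

The query names are printed alongside each client so they can be read for what they are asking, as the post suggests.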


