DNS Exploit Attempts??
Bruce Esquibel
bje at e4500.ripco.com
Thu Jul 31 15:11:46 UTC 2008
Terpasaur <emery.rudolph at gmail.com> wrote:
> Jul 30 11:50:39 ns2 named[2780]: [ID 873579 daemon.info] security:
> info: client 194.85.88.199#22941: query (cache) './ANY/IN' denied
> Is this an example of the cache exploit attempt?
Heh, after I read this I enabled the querylog and sure enough, I had an IP
address near that one doing the same thing, on both of our servers.

I did spot another entry in the logs that isn't a concern but odd to me...
client 149.20.56.10#10053: query:
not-an-attack.dan-kaminsky.browse-deluvian.doxpara.com IN ANY +
The IP address goes back to isc.org so just wondering if there is a spider
of sorts running to determine whose name server is running what version or
something.
-bruce
bje at ripco.com
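
Added example (not part of the original post, and not ISC or BIND code): one way to tally "query (cache) ... denied" entries like the one quoted above, grouped by client /24 so that neighbouring source addresses show up together. The regex is derived only from the single log line in the thread; the 192.0.2.x lines in SAMPLE are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Pattern taken from the one log line quoted in the thread (assumption:
# other BIND versions or logging setups may word this differently).
DENIED = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query \(cache\) "
    r"'(?P<qname>.+)/(?P<qtype>[\w-]+)/(?P<qclass>\w+)' denied"
)

SAMPLE = [
    # Line quoted in the thread, rejoined onto one line.
    "Jul 30 11:50:39 ns2 named[2780]: [ID 873579 daemon.info] security: "
    "info: client 194.85.88.199#22941: query (cache) './ANY/IN' denied",
    # Constructed lines using documentation addresses (not real sources).
    "Jul 30 11:50:41 ns2 named[2780]: [ID 873579 daemon.info] security: "
    "info: client 192.0.2.17#4411: query (cache) './ANY/IN' denied",
    "Jul 30 11:50:44 ns2 named[2780]: [ID 873579 daemon.info] security: "
    "info: client 192.0.2.93#51020: query (cache) './NS/IN' denied",
    # Querylog entry from the thread: not a denial, so it is not counted.
    "client 149.20.56.10#10053: query: "
    "not-an-attack.dan-kaminsky.browse-deluvian.doxpara.com IN ANY +",
]

def parse_denied(line):
    """Return (ip, 'qname/qtype/qclass') for a denied cache query, else None."""
    m = DENIED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # malformed address in the log line
        return None
    return ip, f"{m['qname']}/{m['qtype']}/{m['qclass']}"

def summarize(lines, v4_prefix=24, v6_prefix=64):
    """Group denied cache queries by source network to expose nearby clients."""
    nets = defaultdict(lambda: {"clients": set(), "queries": Counter()})
    for ip, query in filter(None, map(parse_denied, lines)):
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        nets[net]["clients"].add(str(ip))
        nets[net]["queries"][query] += 1
    return dict(nets)

if __name__ == "__main__":
    for net, info in summarize(SAMPLE).items():
        print(net, sorted(info["clients"]), dict(info["queries"]))
```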