Am Thu, 16 Aug 2012 22:18:19 -0700
schrieb John R Pierce pie...@hogranch.com:
On 08/16/12 9:54 PM, Jussi Hirvi wrote:
Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query
(cache) 'ripe.net/ANY/IN' denied
Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query
(cache)
On 17.8.2012 8.18, John R Pierce wrote:
meh, if its coming from lots of random hosts, then fail2ban style
techniques won't work. I assume this is an authoritative name server?
does it have recursive queries disabled so it can only return results
for the domain(s) its authoritative for ?
Yes,
From: Jussi Hirvi listmem...@greenspot.fi
On 17.8.2012 8.18, John R Pierce wrote:
meh, if its coming from lots of random hosts, then fail2ban style
techniques won't work. I assume this is an authoritative name server?
does it have recursive queries disabled so it can only return results
On 17.8.2012 15.04, John Doe wrote:
Maybe it is this:
http://arstechnica.com/business/2012/03/how-anonymous-plans-to-use-dns-as-a-weapon/
Interesting idea. In that case the ip's in my logs would point to the
targets of the attact. I checked a few of them, and they look more like
hijacked
Jussi Hirvi wrote:
On 17.8.2012 15.04, John Doe wrote:
Maybe it is this:
http://arstechnica.com/business/2012/03/how-anonymous-plans-to-use-dns-as-a-weapon/
Interesting idea. In that case the ip's in my logs would point to the
targets of the attact. I checked a few of them, and they look
Looks like one of my name servers (CentOS 5) gets a lot of malicious
queries. The cpu load is constantly about 3 %. I put on stricter limits
on who is allowed recursive queries, but this does not affect the CPU
load. I also updated bind.
I temporarily turned on querylog (command: rndc
On 08/16/12 9:54 PM, Jussi Hirvi wrote:
Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query (cache)
'ripe.net/ANY/IN' denied
Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query (cache)
'ripe.net/ANY/IN' denied
Aug 17 07:41:38 mx2 named[6873]: client 78.40.35.212#53:
7 matches
Mail list logo