On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett <m...@mv.mv.com> wrote:
> It's possible that somebody's testing using random query names instead
> of "." -- "." is pretty easy to look for in the logs, but the random
> names are more difficult.

So why not just query for <google.com.> or something else that's legitimate and quite common? These long domain names are obviously bogus, so it's almost as easy to filter for them. Just look for any query which doesn't include a known gTLD or ccTLD.

> Anyway that's just guessing.

Yah, me too in the above. :) It's not like we can see into the assumed attackers' minds.

-- Ben
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
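
The filter suggested in the message above, as an added example that is not part of the original post: it flags logged queries for "." and for names whose last label is not a known TLD. The BIND-style log line format, the abbreviated TLD set, the sample lines and all function names are assumptions made for the example.

```python
import re
from collections import Counter

# Abbreviated set for the example (assumption); a real filter would load
# the full gTLD/ccTLD list published by IANA.
KNOWN_TLDS = {"com", "net", "org", "edu", "gov", "arpa", "us", "uk", "de"}

# Assumed BIND-style query log line: "... client IP#port: query: NAME IN TYPE +"
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)

def classify(qname):
    """Return 'root', 'unknown-tld' or 'ok' for a logged query name."""
    name = qname.rstrip(".").lower()
    if not name:                      # the bare "." query
        return "root"
    tld = name.rsplit(".", 1)[-1]     # last label, also for single-label names
    return "ok" if tld in KNOWN_TLDS else "unknown-tld"

def suspicious_queries(lines):
    """Return (client_ip, qname, verdict) for every query that is not 'ok'."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue                  # not a query log line
        verdict = classify(m.group("name"))
        if verdict != "ok":
            hits.append((m.group("ip"), m.group("name"), verdict))
    return hits

def per_client(hits):
    """Count flagged queries per source address (which may be spoofed)."""
    return Counter(ip for ip, _, _ in hits)

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    "03-Feb-2009 13:10:58.101 client 192.0.2.10#40211: query: . IN NS +",
    "03-Feb-2009 13:10:59.220 client 192.0.2.10#40212: query: qzxvkplmwhtrbnyd IN A +",
    "03-Feb-2009 13:11:00.007 client 198.51.100.7#5353: query: google.com IN A +",
    "03-Feb-2009 13:11:00.415 client 192.0.2.10#40213: query: hjqwpzkxvbnmtrlsdfgy.wkqzpx IN NS +",
    "03-Feb-2009 13:11:01.002 client 203.0.113.5#1025: query: 10.2.0.192.in-addr.arpa IN PTR +",
]

if __name__ == "__main__":
    for ip, name, verdict in suspicious_queries(SAMPLE_LOG):
        print(f"{verdict:12} {ip:15} {name}")
```
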