New problem with "lame-server" after Dist-Upgrade

2011-12-24 Thread Michelle Konzack
Hello *,

my Intranet NameServer (my DNS-Master) was running Debian Lenny/5.0 and
is now upgraded to Debian Squeeze/6.0 and yet I get very huge
"named.log" files per day, because:

[ '/var/log/named.log' ]
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.erdbeerlounge.de//IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.erdbeerlounge.de/A/IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (connection refused) resolving 'www.erdbeerlounge.de//IN': 217.147.94.23#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (connection refused) resolving 'www.erdbeerlounge.de/A/IN': 217.147.94.23#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns1.dns24.net/A/IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.dns24.net/A/IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns1.dns24.net//IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.dns24.net//IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.dns24.net/A/IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns4.dns24.net/A/IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.dns24.net//IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns4.dns24.net//IN': 78.47.247.21#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns1.dns24.net/A/IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.dns24.net/A/IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns1.dns24.net//IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.dns24.net//IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.dns24.net/A/IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns4.dns24.net/A/IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.dns24.net//IN': 78.47.104.44#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns4.dns24.net//IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (connection refused) resolving 'ns1.dns24.net/A/IN': 217.147.94.23#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (connection refused) resolving 'ns2.dns24.net/A/IN': 217.147.94.23#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (connection refused) resolving 'ns1.dns24.net//IN': 217.147.94.23#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (connection refused) resolving 'ns2.dns24.net//IN': 217.147.94.23#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns1.name-services.com/A/IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns2.name-services.com/A/IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns1.name-services.com//IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns2.name-services.com//IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns3.name-services.com/A/IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns4.name-services.com/A/IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns3.name-services.com//IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns4.name-services.com//IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns5.name-services.com/A/IN': 78.47.104.44#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'dns5.name-services.com/

Re: New problem with "lame-server" after Dist-Upgrade

2011-12-24 Thread Ben Croswell
Did the BIND version change with the OS upgrade?

-Ben Croswell
On Dec 24, 2011 6:38 PM, "Michelle Konzack" wrote:

> Hello *,
>
> my Intranet NameServer (my DNS-Master) was running Debian Lenny/5.0 and
> is now upgraded to Debian Squeeze/6.0 and yet I get very huge
> "named.log" files, because:
>
> [ '/var/log/named.log' ]

How can someone know Sub-Domains?

2011-12-24 Thread Michelle Konzack
Hello *,

I have installed inside my corporate domain a subdomain for a customer
and now this subdomain is under attack, exactly, the Domains with 37
Courier-Servers and 140 Web-Servers are DoS'ed.  This means someone is
trying to bring down the whole network using >200k IPs.  I use a CISCO
12008 which works nicely with its filters, but not always.  My Dual 1 GE
connection is nearly fucked!

And yes, I have a big problem with "extortion" since around 2 weeks and
I am not willing to pay.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux
   Internet Service Provider, Cloud Computing


itsystems@tdnet Jabber  linux4miche...@jabber.ccc.de
Owner Michelle Konzack

Gewerbe Strasse 3   Tel office: +49-176-86004575
77694 Kehl  Tel mobil:  +49-177-9351947
Germany Tel mobil:  +33-6-61925193  (France)

USt-ID:  DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: New problem with "lame-server" after Dist-Upgrade

2011-12-24 Thread Michelle Konzack
Hello Ben Croswell,

On 2011-12-24 18:42:09, you hacked out the following:
> Did the BIND version change with the OS upgrade?

Yes.

I had this problem some years ago:

8<--
Mark Andrews marka at isc.org
Tue Aug 3 22:32:29 UTC 2010


In message <20100803142625.GC27217 at tamay-dogan.net>, Michelle Konzack writes:
> Hello,
> 
> since today morning (~06:30 CEST) I get several 1.000 errors like:
> 
> [ '/var/log/named.log' ]
> Aug  3 10:12:39 dns1 named[26425]: 03-Aug-2010 10:12:39.951 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53

Basically you need to complain to the administrators for xensource.com
to get the delegation cleaned up or the server configured.

xensource.com is delegated to 68.156.138.136 but that server is refusing
to answer queries for the xensource.com.  Additionally according to
ns1.xensource.com both ns0.xensource.com and ns2.xensource.com no longer
exist.  The administrators for xensource.com need to clean up the
delegation by contacting their registrar and removing ns0.xensource.com
from delegation.  They also need to clean up the delegation for
colo.xensource.com as that has ns0 and ns2 listed which don't exist.
8<--

but if I follow his answer, it means more than 800 servers have this
issue!  This cannot be...  Or are those admins really braindamaged?

Sometimes I see a bunch of "lame-servers" lines followed by
"edns-disabled" lines with the same servers queried...

Thanks, Greetings and nice Day/Evening
Michelle Konzack


Re: How can someone know Sub-Domains?

2011-12-24 Thread Michelle Konzack
Forgotten one thing:

The Sub-Domain has IPv6 addresses and the Servers are not hit by IP, but
by their FQDN, which means someone has gotten the list of the hostnames,
since I cannot believe the attacker has scanned my 4 IPv6 Networks to
find out where the servers are.  (I do not use a continuous IP-Range)

Thanks, Greetings and nice Day/Evening
Michelle Konzack


Re: New problem with "lame-server" after Dist-Upgrade

2011-12-24 Thread Michelle Konzack
For some seconds I have read a message (not from me) where someone asked
whether forwarders were configured and do not accept queries...

So I have removed my forwarders and restarted bind9:

--[ '/var/log/named.log' ]--
Dec 25 01:36:09 storage000 named[2009]: general: info: received control channel command 'stop -p'
Dec 25 01:36:09 storage000 named[2009]: general: info: shutting down: flushing changes
Dec 25 01:36:09 storage000 named[2009]: general: notice: stopping command channel on 127.0.0.1#953
Dec 25 01:36:09 storage000 named[2009]: network: info: no longer listening on ::#53
Dec 25 01:36:09 storage000 named[2009]: network: info: no longer listening on 192.168.0.11#53
Dec 25 01:36:09 storage000 named[2009]: general: notice: exiting
Dec 25 01:36:10 storage000 named[29649]: general: info: zone 0.in-addr.arpa/IN: loaded serial 1
Dec 25 01:36:10 storage000 named[29649]: general: info: zone 127.in-addr.arpa/IN: loaded serial 1
Dec 25 01:36:10 storage000 named[29649]: general: warning: /etc/bind/db.192.168.0:3: using RFC1035 TTL semantics
Dec 25 01:36:10 storage000 named[29649]: general: info: zone 0.168.192.in-addr.arpa/IN: loaded serial 1324544307
Dec 25 01:36:10 storage000 named[29649]: general: info: zone 255.in-addr.arpa/IN: loaded serial 1
Dec 25 01:36:10 storage000 named[29649]: general: warning: /etc/bind/DNS_TRASH:3: using RFC1035 TTL semantics
Dec 25 01:36:10 storage000 named[29649]: general: info: zone google-analytics.com/IN: loaded serial 1301273151
Dec 25 01:36:10 storage000 named[29649]: general: warning: /etc/bind/DNS_TRASH:3: using RFC1035 TTL semantics
Dec 25 01:36:10 storage000 named[29649]: general: info: zone googleadservices.com/IN: loaded serial 1301273151
Dec 25 01:36:10 storage000 named[29649]: general: warning: /etc/bind/DNS_TRASH:3: using RFC1035 TTL semantics
Dec 25 01:36:10 storage000 named[29649]: general: info: zone googlesyndication.com/IN: loaded serial 1301273151
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdaerospace.com/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdnet.eu/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone localhost/IN: loaded serial 2
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone cybercenter.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone debian.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone ecocity.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone electronica.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone energia.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone geoip.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone home.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone intranet1.tamay-dogan.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone intranet2.tamay-dogan.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone itsystems.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone onlinestore.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone pmcos.tamay-dogan.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone private.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone redhat.tamay-dogan.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdaerospace.net/IN: loaded serial 1324032239 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdcloud.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdhome.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdipmedia.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdvoip.net/IN: loaded serial 1324032240 (DNSSEC signed)
Dec 25 01:36:10 storage000 named[29649]: general: info: zone tdwave.net/IN: loaded serial 1324032239 (DNSSEC s
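
Added example (not part of any message in this thread, and not ISC or Debian code): a Python script that re-joins wrapped named.log entries, parses both "lame-servers" layouts quoted in the thread, and groups the failures by remote server address. This lets the log itself show whether hundreds of delegations are broken independently or a few addresses refuse everything, which is what the forwarders question is about. The sample log, the two-label zone approximation and the shared_threshold heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Syslog timestamp that opens every real entry, e.g. "Dec 25 00:21:01 ".
TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# Covers both layouts quoted in the thread: "error (unexpected RCODE REFUSED)
# resolving ..." and the older "unexpected RCODE (REFUSED) resolving ...".
LAME_RE = re.compile(
    r"lame-servers: info: (?P<reason>.+?) resolving "
    r"'(?P<name>[^/']*)/(?P<qtype>[^/']*)/(?P<qclass>[^']*)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)

def unwrap(text):
    """Re-join entries that a mail client wrapped onto a second line."""
    entries = []
    for raw in text.splitlines():
        if TS_RE.match(raw) or not entries:
            entries.append(raw.strip())
        elif raw.strip():
            entries[-1] += " " + raw.strip()
    return entries

def parse_line(line):
    m = LAME_RE.search(line)
    if m is None:
        return None
    # "error (connection refused)" -> "connection refused"
    reason = re.sub(r"^error\s+", "", re.sub(r"[()]", "", m["reason"])).strip()
    return {"name": m["name"].lower().rstrip("."), "qtype": m["qtype"] or "?",
            "reason": reason, "server": m["server"]}

def domain_of(name):
    # Assumption: the last two labels approximate the zone (no Public Suffix List).
    return ".".join(name.split(".")[-2:])

def summarize(text, shared_threshold=3):
    """Group failures by remote server and label each with the heuristic."""
    stats = defaultdict(lambda: {"hits": 0, "domains": set(), "reasons": set()})
    for rec in filter(None, map(parse_line, unwrap(text))):
        s = stats[rec["server"]]
        s["hits"] += 1
        s["domains"].add(domain_of(rec["name"]))
        s["reasons"].add(rec["reason"])
    for s in stats.values():
        # Heuristic (assumption of this example): several unrelated domains failing
        # at one address suggest a shared cause; one domain suggests its delegation.
        shared = len(s["domains"]) >= shared_threshold
        s["verdict"] = "shared-cause" if shared else "per-zone"
    return dict(stats)

# Constructed sample in the thread's log format (documentation addresses).
SAMPLE_LOG = """\
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE
REFUSED) resolving 'www.shop.example/A/IN': 192.0.2.53#53
Dec 25 00:21:01 dns named[29004]: lame-servers: info: error (unexpected RCODE
REFUSED) resolving 'ns1.dnshost.example/A/IN': 192.0.2.53#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (unexpected RCODE
REFUSED) resolving 'dns1.registrar.example//IN': 192.0.2.53#53
Dec 25 00:21:02 dns named[29004]: lame-servers: info: error (connection
refused) resolving 'www.shop.example/A/IN': 198.51.100.7#53
Aug  3 10:12:39 dns1 named[26425]: lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.corp.example/A/IN': 203.0.113.9#53
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An address labelled "shared-cause" is worth checking against the local forwarders list before contacting any remote administrator.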

Re: How can someone know Sub-Domains?

2011-12-24 Thread Larry Brower
On 12/24/2011 05:48 PM, Michelle Konzack wrote:
> Hello *,
> 
> I have installed inside my corporate domain a subdomain for a customer
> and now this subdomain is under attack, exactly, the Domains with 37
> Courier-Servers and 140 Web-Servers are DoS'ed.  This means someone is
> trying to bring down the whole network using >200k IPs.  I use a CISCO
> 12008 which works nicely with its filters, but not always.  My Dual 1 GE
> connection is nearly fucked!
> 
> And yes, I have a big problem with "extortion" since around 2 weeks and
> I am not willing to pay.
> 
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> 

Why would you give them a subdomain?
How do you know they weren't being targeted prior to coming to you?
Why haven't you nulled them yet?
Why do you think this belongs on this list?



-- 


Larry Brower, CCENT
Linux System Administrator II
HostGator.com LLC

lbro...@hostgator.com
Http://www.hostgator.com
Http://support.hostgator.com/

Fedora Ambassador - North America
Fedora Quality Assurance

lbro...@fedoraproject.org
http://www.fedoraproject.org/

Re: How can someone know Sub-Domains?

2011-12-24 Thread Michelle Konzack
Hello Larry Brower,

On 2011-12-24 19:54:05, you hacked out the following:
> Why would you give them a subdomain?

Why does AKAMAI do such things?  ;-)

> How do you know they weren't being targeted prior to coming to you?

I was admin of the servers for 12 years

> Why haven't you nulled them yet?

???

> Why do you think this belongs on this list?

I would like to know which possibilities there are for attackers to get
whole zone infos out of my bind9 config...  All hosts have gotten new
names but someone is targeting the hosts.

To prevent DoS Attacks, the Servers and Workstations have an auto-setup
which can change IPs and FQDN randomly.  So if someone likes to find the
IPs or Hostnames, s/he can scan the entire Internet.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
