Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-27 Thread Paul Rolland
Hello,
> > The machine sending the queries is probably configured to use
> > your server as a complete DNS resolver and transfer all its queries
> > to your server.
> >
> Umm...I don't *have* a server at that address. In fact, there is no live
> host at all at that address. *That*, after all

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-26 Thread Paul Rolland
Hello,
> I've altered the real hostname on our network to "targethost" and altered
> the querying IP to x.x.x.x for privacy reasons. All these queries are
> *from* the same host. This pattern is *typical* of what I'm seeing from a
> *number of diverse hosts* from all over the world.

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Paul Rolland
Hello,
> > dns query is being asked...something like
> > tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4
> >
> I already did this, and I already posted it here. It didn't reveal
> anything that I wasn't already aware of - ns requests and ptr requests for
> that IP.
Update your tcpdump o

Re: [Full-Disclosure] Spam Solution

2004-06-18 Thread Paul Rolland
Hello,
> It seems to me that if we make all MTA's register somehow (both SMTP and
> POST), this would eliminate the hijacked machine as spambot phenomenon. We
> already have MX records for SMTP, but a lot of providers use different
> machines to receive (via SMTP) and send mail (POST).