[BlueOnyx:05356] Re: New DFix release

Abdul Rashid Abdullah webmaster at muntada.com
Tue Sep 7 23:04:56 -05 2010


I don't own them.


On 9/7/10 6:44 PM, "Greg Kuhnert" <gkuhnert at compassnetworks.com.au> wrote:

>   My advice to you would be to go back to the domain registrar and
> update the NS records. There is no way I can differentiate between this
> behaviour and a DNS-based DDoS attempt.
> 
> It's bad form to leave them pointing to your server if you don't host the
> domain. Why not convert it to a "parked" domain or something...
> 
> Regards,
> Greg.
> 
> On 7/09/2010 10:03 PM, Abdul Rashid Abdullah wrote:
>> Greg,
>> 
>> For feedback purposes only, I would like to say after updating to this
>> version, I am getting many messages similar to the following:
>> 
>> Warning: Blocking 78.31.111.10
>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#39576: query (cache)
>> 'auntiealoha.com/MX/IN' denied
>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#27275: query (cache)
>> 'auntiealoha.com/MX/IN' denied
>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#19183: query (cache)
>> 'auntiealoha.com/MX/IN' denied
>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#60083: query (cache)
>> 'auntiealoha.com/MX/IN' denied
>> Sep  7 07:53:30 baraka named[6886]: client 78.31.111.10#12462: query (cache)
>> 'auntiealoha.com/MX/IN' denied
>> 
>> All of the domains this is coming up for are domains that neither I nor anyone
>> else is hosting any longer.  However, the domains are still registered and pointed to
>> me.  Basically, these are organization/companies that folded.  So someone is
>> trying to see if there is still anything out there for them.
>> 
>> Regards,
>> 
>> Rashid
>> 
>> 
>> On 9/4/10 5:33 PM, "Greg Kuhnert"<gkuhnert at compassnetworks.com.au>  wrote:
>> 
>>>    I've mentioned recently a type of attack I have seen that uses spoofed
>>> DNS packets. From all reports, it appears I am the only one around here
>>> that has been hit. However, I have still decided to put the detection of
>>> this attack as a new feature in DFix.
>>> 
>>> At the same time, I have done a cleanup of the block/unblock code. It's
>>> now a lot cleaner. I have also changed the action from "reject" to
>>> "block" as the action when an attack is detected.
>>> 
>>> Enjoy.
>> 
> 
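
Added example, not part of the thread and not DFix's own code: one way to count BIND `query (cache) ... denied` lines per client in a sliding window and report whether every denied name belongs to a domain still delegated to the server, which is the case discussed in the exchange above. The threshold, window, `stale_zones` parameter, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# BIND "query (cache) ... denied" syslog line, as quoted in the thread.
# Newer BIND releases add "(qname)" after the client port; that part is optional here.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\sclient\s"
    r"(?P<ip>[0-9A-Fa-f.:]+)#\d+(?:\s\([^)]*\))?:\s"
    r"query \(cache\) '(?P<name>[^/']+)/\w+/\w+' denied")

def in_zones(name, zones):
    return any(name == z or name.endswith("." + z) for z in zones)

def find_bursts(lines, threshold=5, window_s=60, year=2010, stale_zones=()):
    """Map client IP -> peak count, queried names, and whether every name
    falls under a zone still delegated here but no longer served."""
    window = timedelta(seconds=window_s)
    recent, names, peak = defaultdict(deque), defaultdict(set), {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:      # drop hits older than the window
            q.popleft()
        names[m["ip"]].add(m["name"].lower().rstrip("."))
        if len(q) >= threshold:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return {ip: {"peak": n, "names": sorted(names[ip]),
                 "all_stale": all(in_zones(x, stale_zones) for x in names[ip])}
            for ip, n in peak.items()}

# Constructed sample: documentation addresses and .example names, not real traffic
SAMPLE = (
    [f"Sep  7 07:53:{s:02d} ns1 named[6886]: client 198.51.100.7#{40000 + s}: "
     "query (cache) 'old-tenant.example/MX/IN' denied" for s in (19, 19, 19, 19, 30)]
    + [f"Sep  7 07:54:{s:02d} ns1 named[6886]: client 192.0.2.44#{50000 + s}: "
       "query (cache) 'www.unrelated.example/A/IN' denied" for s in range(5)]
    + [f"Sep  7 08:{mi:02d}:00 ns1 named[6886]: client 203.0.113.9#5353: "
       "query (cache) 'old-tenant.example/MX/IN' denied" for mi in (0, 10)])

if __name__ == "__main__":
    for ip, info in find_bursts(SAMPLE, stale_zones={"old-tenant.example"}).items():
        print(ip, info)
```

A client flagged with `all_stale` true is asking only for names whose NS records still point at the server, so correcting the delegation at the registrar removes the trigger; since the source address of a UDP query can be spoofed, a flagged IP is not necessarily the sender.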
