[BlueOnyx:05359] Re: New DFix release

Abdul Rashid Abdullah webmaster at muntada.com
Wed Sep 8 00:22:31 -05 2010


Thanks for the suggestions...

;-) 


On 9/8/10 12:57 AM, "Jon McCauley" <jon at ontarioweb.ca> wrote:

> 
> On 9/8/2010 12:04 AM, Abdul Rashid Abdullah wrote:
>> I don't own them.
> As Greg stated: the domains in question are still pointing to your
> DNS servers... Request a release of DNS records from the register
> 
> hth
> 
> Best Regards, Jon McCauley
> 
> 
> 
>> 
>> On 9/7/10 6:44 PM, "Greg Kuhnert"<gkuhnert at compassnetworks.com.au>  wrote:
>> 
>>>    My advice to you would be to go back to the domain registrar and
>>> update the NS records. There is no way I can differentiate between this
>>> behaviour and a DNS-based DDoS attempt.
>>> 
>>> It's bad form to leave them pointing to your server if you don't host the
>>> domain. Why not convert it to a "parked" domain or something...
>>> 
>>> Regards,
>>> Greg.
>>> 
>>> On 7/09/2010 10:03 PM, Abdul Rashid Abdullah wrote:
>>>> Greg,
>>>> 
>>>> For feedback purposes only, I would like to say after updating to this
>>>> version, I am getting many messages similar to the following:
>>>> 
>>>> Warning: Blocking 78.31.111.10
>>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#39576: query (cache) 'auntiealoha.com/MX/IN' denied
>>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#27275: query (cache) 'auntiealoha.com/MX/IN' denied
>>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#19183: query (cache) 'auntiealoha.com/MX/IN' denied
>>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#60083: query (cache) 'auntiealoha.com/MX/IN' denied
>>>> Sep  7 07:53:30 baraka named[6886]: client 78.31.111.10#12462: query (cache) 'auntiealoha.com/MX/IN' denied
>>>> 
>>>> All of the domains this is coming up for are domains that neither I nor
>>>> anyone else is hosting any longer.  However, the domains are still
>>>> registered and pointed to me.  Basically, these are
>>>> organizations/companies that folded.  So someone is trying to see if
>>>> there is still anything out there for them.
>>>> 
>>>> Regards,
>>>> 
>>>> Rashid
>>>> 
>>>> 
>>>> On 9/4/10 5:33 PM, "Greg Kuhnert"<gkuhnert at compassnetworks.com.au>   wrote:
>>>> 
>>>>>     I've mentioned recently a type of attack I have seen that uses spoofed
>>>>> DNS packets. From all reports, it appears I am the only one around here
>>>>> that has been hit. However, I have still decided to put the detection of
>>>>> this attack as a new feature in DFix.
>>>>> 
>>>>> At the same time, I have done a cleanup of the block/unblock code. It's
>>>>> now a lot cleaner. I have also changed the action from "reject" to
>>>>> "block" as the action when an attack is detected.
>>>>> 
>>>>> Enjoy.
>>>> _______________________________________________
>>>> Blueonyx mailing list
>>>> Blueonyx at blueonyx.it
>>>> http://www.blueonyx.it/mailman/listinfo/blueonyx
>> 




