[BlueOnyx:05351] Re: New DFix release

Abdul Rashid Abdullah webmaster at muntada.com
Tue Sep 7 07:03:22 -05 2010


Greg,

For feedback purposes only, I would like to say after updating to this
version, I am getting many messages similar to the following:

Warning: Blocking 78.31.111.10
Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#39576: query (cache)
'auntiealoha.com/MX/IN' denied
Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#27275: query (cache)
'auntiealoha.com/MX/IN' denied
Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#19183: query (cache)
'auntiealoha.com/MX/IN' denied
Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#60083: query (cache)
'auntiealoha.com/MX/IN' denied
Sep  7 07:53:30 baraka named[6886]: client 78.31.111.10#12462: query (cache)
'auntiealoha.com/MX/IN' denied

All of the domains this is coming up for are domains that neither I nor anyone
else is hosting any longer.  However, the domains are still registered and pointed to
me.  Basically, these are organizations/companies that folded.  So someone is
trying to see if there is still anything out there for them.

Regards,

Rashid


On 9/4/10 5:33 PM, "Greg Kuhnert" <gkuhnert at compassnetworks.com.au> wrote:

>   I've mentioned recently a type of attack I have seen that uses spoofed
> DNS packets. From all reports, it appears I am the only one around here
> that has been hit. However, I have still decided to put the detection of
> this attack as a new feature in DFix.
> 
> At the same time, I have done a cleanup of the block/unblock code. It's
> now a lot cleaner. I have also changed the action from "reject" to
> "block" as the action when an attack is detected.
> 
> Enjoy.
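
The log lines quoted in this message show one client sending bursts of denied cache queries. The sketch below is an added example, not DFix's own code or detection logic: it counts such `named` lines per client in a sliding window. The function name, threshold, window, assumed year, host name `ns1` and the documentation-range addresses in the sample are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same layout as the named lines quoted above.
SAMPLE_LOG = """\
Sep  7 07:53:19 ns1 named[6886]: client 192.0.2.10#39576: query (cache) 'example.org/MX/IN' denied
Sep  7 07:53:19 ns1 named[6886]: client 192.0.2.10#27275: query (cache) 'example.org/MX/IN' denied
Sep  7 07:53:19 ns1 named[6886]: client 192.0.2.10#19183: query (cache) 'example.org/MX/IN' denied
Sep  7 07:53:19 ns1 named[6886]: client 192.0.2.10#60083: query (cache) 'example.org/MX/IN' denied
Sep  7 07:53:25 ns1 named[6886]: client 198.51.100.7#5353: query (cache) 'example.net/A/IN' denied
Sep  7 07:53:30 ns1 named[6886]: client 192.0.2.10#12462: query (cache) 'example.org/MX/IN' denied
Sep  7 07:54:40 ns1 named[6886]: client 198.51.100.7#5354: query (cache) 'example.net/A/IN' denied
Sep  7 07:54:41 ns1 sshd[701]: unrelated line that must be ignored
"""

# Matches only the older BIND layout shown in this thread.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"client\s(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s"
    r"query\s\(cache\)\s'(?P<name>[^']+)'\sdenied"
)

def flag_clients(log_text, threshold=4, window_seconds=10, year=2010):
    """Return {client_ip: sorted query names} for every client that had at
    least `threshold` denied cache queries within `window_seconds`.
    Syslog timestamps carry no year, so `year` is an assumption."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-client timestamps inside the window
    names = defaultdict(set)      # per-client query names seen so far
    flagged = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:       # drop hits older than the window
            hits.popleft()
        names[m["ip"]].add(m["name"])
        if len(hits) >= threshold:
            flagged[m["ip"]] = sorted(names[m["ip"]])
    return flagged

if __name__ == "__main__":
    for ip, queried in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: denied cache queries for {', '.join(queried)}")
```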




