[BlueOnyx:05358] Re: New DFix release

Jon McCauley jon at ontarioweb.ca
Tue Sep 7 23:57:48 -05 2010


On 9/8/2010 12:04 AM, Abdul Rashid Abdullah wrote:
> I don't own them.
As Greg stated: the domains in question are still pointing to your
DNS servers... Request a release of DNS records from the registrar.

hth

Best Regards, Jon McCauley



>
> On 9/7/10 6:44 PM, "Greg Kuhnert"<gkuhnert at compassnetworks.com.au>  wrote:
>
>>    My advice to you would be to go back to the domain registrar and
>> update the NS records. There is no way I can differentiate between this
>> behaviour and a dns based ddos attempt.
>>
>> It's bad form to leave them pointing to your server if you don't host the
>> domain. Why not convert it to a "parked" domain or something...
>>
>> Regards,
>> Greg.
>>
>> On 7/09/2010 10:03 PM, Abdul Rashid Abdullah wrote:
>>> Greg,
>>>
>>> For feedback purposes only, I would like to say after updating to this
>>> version, I am getting many messages similar to the following:
>>>
>>> Warning: Blocking 78.31.111.10
>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#39576: query (cache)
>>> 'auntiealoha.com/MX/IN' denied
>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#27275: query (cache)
>>> 'auntiealoha.com/MX/IN' denied
>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#19183: query (cache)
>>> 'auntiealoha.com/MX/IN' denied
>>> Sep  7 07:53:19 baraka named[6886]: client 78.31.111.10#60083: query (cache)
>>> 'auntiealoha.com/MX/IN' denied
>>> Sep  7 07:53:30 baraka named[6886]: client 78.31.111.10#12462: query (cache)
>>> 'auntiealoha.com/MX/IN' denied
>>>
>>> All of the domains this is coming up for are domains that neither I nor
>>> anyone else is hosting any longer.  However, the domains are still registered
>>> and pointed to me.  Basically, these are organizations/companies that folded.
>>> So someone is trying to see if there is still anything out there for them.
>>>
>>> Regards,
>>>
>>> Rashid
>>>
>>>
>>> On 9/4/10 5:33 PM, "Greg Kuhnert"<gkuhnert at compassnetworks.com.au>   wrote:
>>>
>>>>     I've mentioned recently a type of attack I have seen that uses spoofed
>>>> DNS packets. From all reports, it appears I am the only one around here
>>>> that has been hit. However, I have still decided to put the detection of
>>>> this attack as a new feature in DFix.
>>>>
>>>> At the same time, I have done a cleanup of the block/unblock code. It's
>>>> now a lot cleaner. I have also changed the action from "reject" to
>>>> "block" as the action when an attack is detected.
>>>>
>>>> Enjoy.
>>> _______________________________________________
>>> Blueonyx mailing list
>>> Blueonyx at blueonyx.it
>>> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
