From owner-freebsd-security Mon Jan 31 16:27:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from biggusdiskus.flyingfox.com (parker-T1-2-gw.sf3d.best.net [209.157.165.30])
	by hub.freebsd.org (Postfix) with ESMTP id 958EC1525C
	for ; Mon, 31 Jan 2000 16:25:50 -0800 (PST)
	(envelope-from jas@flyingfox.com)
Received: (from jas@localhost)
	by biggusdiskus.flyingfox.com (8.8.8/8.8.5) id QAA04973;
	Mon, 31 Jan 2000 16:16:34 -0800 (PST)
Date: Mon, 31 Jan 2000 16:16:34 -0800 (PST)
From: Jim Shankland
Message-Id: <200002010016.QAA04973@biggusdiskus.flyingfox.com>
To: freebsd-security@FreeBSD.ORG, mccord@zytek.com
Subject: Re: Continual DNS requests from mysterious IP
In-Reply-To: <200001290216.SAA34537@floozy.zytek.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[Re: lots of queries for the MX server of aol.com:]

Samara McCord writes:

> This is not an attack, but somewhat irritating. Also it's something
> that no one would normally notice. Well I was running tcpdump to check
> on something else and noticed this. About once a second I'm getting
> DNS requests for the mail relay of "aol.com".

Actually, I'll bet this was an attack of sorts. A server we administer
was hacked a few months ago, and the attacker was trying to send out
tons of queries like this one with spoofed source addresses (which we
filter, which is how we found out). Looks like a simple-minded DoS
attempt to me.

Perhaps DNS relaying will go a way similar to SMTP relaying: allowed
only from a specific set of IP addresses.

Jim Shankland
NLynx Systems, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
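The two observations in the thread, a steady once-a-second stream of identical MX queries seen in tcpdump and the suggestion that recursive DNS service be limited to a known set of client addresses, can both be turned into a small defender-side check. The following Python script is an added example and is not code from either poster; the tcpdump-style lines, the IP addresses and the ALLOWED_RECURSION_CLIENTS list are all constructed for illustration. It parses query lines in the format tcpdump prints for DNS (with or without the "IP" token that newer versions emit), groups them by source and question, flags any source repeating the same question at a steady short interval, and reports whether that source lies outside the networks the resolver is meant to serve.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# tcpdump DNS query line, e.g.
#   16:16:30.000000 203.0.113.9.2048 > 192.0.2.53.53: 1001+ MX? aol.com. (25)
# The optional "IP " prefix covers newer tcpdump output. (Constructed format.)
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?:IP\s+)?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53:\s+\d+\+?\s+"
    r"(?P<qtype>[A-Z]+)\?\s+(?P<qname>\S+)\s+\(\d+\)$"
)

# Constructed sample capture: one source asking MX? aol.com. once a second,
# plus two unrelated lookups from an internal host.
SAMPLE_TCPDUMP = """\
16:16:30.000000 203.0.113.9.2048 > 192.0.2.53.53: 1001+ MX? aol.com. (25)
16:16:31.000000 203.0.113.9.2048 > 192.0.2.53.53: 1002+ MX? aol.com. (25)
16:16:32.000000 203.0.113.9.2048 > 192.0.2.53.53: 1003+ MX? aol.com. (25)
16:16:32.500000 10.1.2.3.4567 > 192.0.2.53.53: 7 A? www.example.com. (33)
16:16:33.000000 203.0.113.9.2048 > 192.0.2.53.53: 1004+ MX? aol.com. (25)
16:16:34.000000 203.0.113.9.2048 > 192.0.2.53.53: 1005+ MX? aol.com. (25)
16:16:35.000000 203.0.113.9.2048 > 192.0.2.53.53: 1006+ MX? aol.com. (25)
16:16:35.250000 10.1.2.3.4568 > 192.0.2.53.53: 8 A? www.example.com. (33)
16:16:36.000000 203.0.113.9.2048 > 192.0.2.53.53: 1007+ MX? aol.com. (25)
16:16:37.000000 203.0.113.9.2048 > 192.0.2.53.53: 1008+ MX? aol.com. (25)
"""

# Hypothetical list of networks this resolver should recurse for.
ALLOWED_RECURSION_CLIENTS = ["10.0.0.0/8", "192.0.2.0/24"]


def parse_query(line):
    """Parse one tcpdump DNS query line; return a dict or None if it does not match."""
    m = QUERY_RE.match(line)
    if not m:
        return None
    q = m.groupdict()
    q["ts"] = datetime.strptime(q["ts"], "%H:%M:%S.%f")
    return q


def group_queries(lines):
    """Map (src, qtype, qname) -> sorted list of timestamps."""
    seen = defaultdict(list)
    for line in lines:
        q = parse_query(line)
        if q is not None:
            seen[(q["src"], q["qtype"], q["qname"])].append(q["ts"])
    return {key: sorted(stamps) for key, stamps in seen.items()}


def find_repeated_queries(lines, min_count=5, max_mean_interval=2.0):
    """Flag sources that repeat one question at least min_count times with a
    mean inter-arrival time of at most max_mean_interval seconds."""
    findings = []
    for (src, qtype, qname), stamps in group_queries(lines).items():
        if len(stamps) < min_count:
            continue
        span = (stamps[-1] - stamps[0]).total_seconds()
        mean_interval = span / (len(stamps) - 1)
        if mean_interval <= max_mean_interval:
            findings.append({
                "src": src, "qtype": qtype, "qname": qname,
                "count": len(stamps),
                "mean_interval": round(mean_interval, 3),
                # a steady stream from outside the served networks is the
                # "relay" case the thread suggests refusing
                "outside_allowed": outside_allowed_clients(src, ALLOWED_RECURSION_CLIENTS),
            })
    return sorted(findings, key=lambda f: f["src"])


def outside_allowed_clients(src, allowed_nets):
    """True if src is not inside any of the allowed client networks."""
    ip = ipaddress.ip_address(src)
    return not any(ip in ipaddress.ip_network(net) for net in allowed_nets)


if __name__ == "__main__":
    for f in find_repeated_queries(SAMPLE_TCPDUMP.splitlines()):
        print(f"{f['src']} asked {f['qtype']}? {f['qname']} {f['count']}x, "
              f"every {f['mean_interval']}s, outside allowed clients: {f['outside_allowed']}")
```

Feed it `tcpdump -n port 53` output (the `-n` keeps addresses numeric so the regex applies) and the flagged entries are the candidates for a rate limit or an access-list decision. The `outside_allowed` flag is the equivalent of the SMTP-relay analogy in the message: in BIND this is the `allow-recursion` option, and the same list of networks used here should be the one the resolver enforces. Note that with spoofed source addresses the flagged `src` is the victim, not the sender, so the right response is to stop answering, not to retaliate against that address.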