Date: Mon, 31 Jan 2000 16:16:34 -0800 (PST)
From: Jim Shankland <jas@flyingfox.com>
To: freebsd-security@FreeBSD.ORG, mccord@zytek.com
Subject: Re: Continual DNS requests from mysterious IP
Message-ID: <200002010016.QAA04973@biggusdiskus.flyingfox.com>
In-Reply-To: <200001290216.SAA34537@floozy.zytek.com>

[Re: lots of queries for the MX server of aol.com:]

Samara McCord <mccord@zytek.com> writes:

> This is not an attack, but somewhat irritating. Also it's something
> that no one would normally notice. Well I was running tcpdump to check
> on something else and noticed this. About once a second I'm getting
> DNS requests for the mail relay of "aol.com".

Actually, I'll bet this was an attack of sorts. A server we administer
was hacked a few months ago, and the attacker was trying to send out
tons of queries like this one with spoofed source addresses (which we
filter, which is how we found out). Looks like a simple-minded DoS
attempt to me.

Perhaps DNS relaying will go a way similar to SMTP relaying: allowed
only from a specific set of IP addresses.

Jim Shankland
NLynx Systems, Inc.