From owner-freebsd-questions Tue Jan 21 14:30: 4 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 2A13D37B401
    for ; Tue, 21 Jan 2003 14:30:03 -0800 (PST)
Received: from mail8.atl.registeredsite.com (mail8.atl.registeredsite.com [64.224.219.82])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 4484943EB2
    for ; Tue, 21 Jan 2003 14:29:57 -0800 (PST)
    (envelope-from admin@asarian-host.net)
Received: from asarian-host.net (asarian-host.net [216.122.74.112])
    by mail8.atl.registeredsite.com (8.12.2/8.12.6) with ESMTP id h0LMTt9Y022407
    (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
    for ; Tue, 21 Jan 2003 17:29:56 -0500
Comments: To protect the identity of the sender, certain header fields are
    either not shown, or masked. Anonymous email addresses for asarians can be
    requested by filling in the appropriate form at:
    https://asarian-host.net/cgi-bin/signup.cgi
Received: (from root@localhost)
    by asarian-host.net (8.11.6/8.11.0) id h0LMTt609372
    for freebsd-questions@freebsd.org; Tue, 21 Jan 2003 23:29:55 +0100 (CET)
    (envelope-from admin@asarian-host.net)
Posted-Date: Tue, 21 Jan 2003 23:29:55 +0100 (CET)
From: Mark
Message-Id: <200301212229.H0LMTSL09353@asarian-host.net>
Date: Tue, 21 Jan 2003 23:29:49 +0100
X-Authenticated-Sender: admin@asarian-host.net
Subject: Some sort of attack?
X-Complaints-To: abuse@asarian-host.net
X-Abuse-Info: Please be sure to forward a copy of ALL headers
X-Abuse-Info: Otherwise we are unable to process your complaint
Organization: Asarian-host
To:
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Auth: Asarian-host PGP signature
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hi,

Perusing my logs, my query-log (BIND 8.3.4, FreeBSD 4.7R) is suddenly filled
with odd queries for "extra". Like so:

....
XX /207.217.120.20/extra.asarian-host.net/MX/IN

No "extra" exists, btw. It seems some form of attack. Many of these queries
also come from legitimate name servers, so I cannot just block them all.

Has anyone ever seen this before? Do I need to be worried? And what can I do?

Thanks!

- Mark
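
One way to measure what the message describes, as an added example that is not part of the original post: the script parses query-log lines of the shape quoted above and, for every queried name that is not in the zone, reports the query count and the number of distinct sources. The contents of KNOWN_NAMES, the tolerated "XX+" variant and every sample line except the one quoted in the post are constructed assumptions.

```python
import re
from collections import defaultdict

# Line shape quoted in the post:  XX /<client ip>/<query name>/<type>/<class>
# Any prefix before "XX" is ignored; a "+" right after "XX" is tolerated (assumption).
QUERY_RE = re.compile(r"XX\+?\s*/([^/\s]+)/([^/\s]+)/([A-Za-z0-9]+)/([A-Za-z0-9]+)\s*$")

# Names that really exist in the zone (constructed placeholder set).
KNOWN_NAMES = {"asarian-host.net"}

# Constructed sample input; only the first line is taken from the post.
SAMPLE = """\
XX /207.217.120.20/extra.asarian-host.net/MX/IN
XX+/192.0.2.10/extra.asarian-host.net/MX/IN
XX /198.51.100.7/asarian-host.net/MX/IN
XX /192.0.2.10/Extra.asarian-host.net./MX/IN
not a query line
""".splitlines()


def parse_line(line):
    """Return (client, qname, qtype, qclass), or None if the line is not a query."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    client, qname, qtype, qclass = m.groups()
    # DNS names are case-insensitive and may carry a trailing root dot.
    return client, qname.rstrip(".").lower(), qtype.upper(), qclass.upper()


def summarize(lines, known_names):
    """Rows of (qname, qtype, queries, distinct clients) for names not in the zone."""
    stats = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] in known_names:
            continue
        client, qname, qtype, _ = parsed
        stats[(qname, qtype)]["count"] += 1
        stats[(qname, qtype)]["clients"].add(client)
    rows = [(n, t, s["count"], len(s["clients"])) for (n, t), s in stats.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))  # busiest name first


if __name__ == "__main__":
    for qname, qtype, count, clients in summarize(SAMPLE, KNOWN_NAMES):
        print(f"{count:6d} queries from {clients:4d} sources  {qname} {qtype}")
```

Run over the real query log, a name with many queries spread across many sources points away from a single host that could simply be filtered.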