new Bind exploit?

Jeff Macdonald jeff.macdonald at virtualbuilder.com
Tue Sep 30 17:41:59 EDT 2003


Today my logwatch sent me a message with hundreds of lines like these:

   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.154.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.162.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.180.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 207.132.116.60#53: 1 Time(s)


Has anyone seen something like this? All of the in-addr.arpa addresses
have x.0.0.y.
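Added example, not part of the original post: a small Python triage script for logwatch's "lame server" summary lines like the ones quoted above. It maps each reverse-lookup name back to the IPv4 address being resolved and tallies which name servers BIND reported as lame for it. The function names and the `SAMPLE` constant are assumptions made for this illustration; the sample lines are the four from the post.

```python
import re
from collections import defaultdict

# The four lines quoted in the post (logwatch summary of BIND "lame server" messages).
SAMPLE = """\
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.154.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.162.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 199.252.180.251#53: 1 Time(s)
   lame server resolving '100.0.0.215.in-addr.arpa' (in '215.in-addr.arpa'?): 207.132.116.60#53: 1 Time(s)
"""

# qname = name being resolved, zone = delegation BIND expected the server to
# answer for, server = address that did not answer authoritatively.
LINE_RE = re.compile(
    r"lame server resolving '(?P<qname>[^']+)' "
    r"\(in '(?P<zone>[^']+)'\?\): "
    r"(?P<server>[0-9.]+)#(?P<port>\d+)"
    r"(?:: (?P<count>\d+) Time\(s\))?"
)

def reverse_to_ip(qname):
    """Turn 'd.c.b.a.in-addr.arpa' into 'a.b.c.d'; None if not a full PTR name."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) <= 255 for l in labels):
        return None
    return ".".join(reversed(labels))

def summarize(text):
    """Map (queried address, zone) -> {lame server address: hit count}."""
    out = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a lame-server line
        target = reverse_to_ip(m["qname"]) or m["qname"]
        out[(target, m["zone"])][m["server"]] += int(m["count"] or 1)
    return {k: dict(v) for k, v in out.items()}

if __name__ == "__main__":
    for (target, zone), servers in summarize(SAMPLE).items():
        print(f"{target} (zone {zone}): {sum(servers.values())} hits, {len(servers)} servers")
        for server, hits in sorted(servers.items()):
            print(f"  {server}: {hits}")
```

Run over a full logwatch report, the grouping shows at a glance whether the hundreds of lines come down to a few reverse zones and a few name servers.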




More information about the gnhlug-discuss mailing list