Odd log messages from ISC BIND named
Cole Tuininga
colet at code-energy.com
Tue Feb 3 07:25:44 EST 2009
On Tue, 2009-02-03 at 00:11 -0500, Ben Scott wrote:
> So, we had around 100 of these show up in the log from Sunday on
> <liberty.gnhlug.org>, all from the same IP address, all with similar
> but apparently never the same name pattern:
>
> client 192.0.2.42 query (cache)
> 'aaccmmaaaafwx0000dlaaabaaafbbfpg/NS/IN' denied: 1 Time(s)
> client 192.0.2.42 query (cache)
> 'abbcneaaaafwx0000dlaaabaaafbkkag/NS/IN' denied: 1 Time(s)
> client 192.0.2.42 query (cache)
> 'acdbbbaaaafwx0000dlaaabaaafbpkeo/NS/IN' denied: 1 Time(s)
I'd guess they were either trying to do a "quick Kaminsky scan" or (less
likely) looking for an open resolver. Just my $.02.
--
A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>> A: Top-posting.
>>> Q: What is the most annoying thing on Usenet and in e-mail?
Cole Tuininga
colet at code-energy.com
http://www.code-energy.com/
More information about the gnhlug-discuss
mailing list