Odd log messages from ISC BIND named

VirginSnow at vfemail.net VirginSnow at vfemail.net
Tue Feb 3 15:08:04 EST 2009


> Date: Tue, 3 Feb 2009 00:11:44 -0500
> From: Ben Scott <dragonhawk at gmail.com>

> client 192.0.2.42 query (cache)
> 'aaccmmaaaafwx0000dlaaabaaafbbfpg/NS/IN' denied: 1 Time(s)
> client 192.0.2.42 query (cache)
> 'abbcneaaaafwx0000dlaaabaaafbkkag/NS/IN' denied: 1 Time(s)
> client 192.0.2.42 query (cache)
> 'acdbbbaaaafwx0000dlaaabaaafbpkeo/NS/IN' denied: 1 Time(s)

It's possible to translate x86 machine code into strings of printable
characters (great for overflowing text fields, even if the target does
basic sanity checking).  But judging by the differences between the
queries, this is more likely a known-plaintext attack on a WEP, a VPN,
or similar.


More information about the gnhlug-discuss mailing list