Odd log messages from ISC BIND named
Bruce Dawson
jbd at codemeta.com
Tue Feb 3 17:11:51 EST 2009
Is it possible those strings are I18l names? (I seem to remember there
being a movement "a while back" trying to international-ize the DNS space.)
--Bruce
Ben Scott wrote:
> On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett <mem at mv.mv.com> wrote:
>
>> It's possible that somebody's testing using random query names instead
>> of "." -- "." is pretty easy to look for in the logs, but the random
>> names are more difficult.
>>
>
> So why not just query for <google.com.> or something else that's
> legitimate and quite common? These long domain names are obviously
> bogus, so it's almost as easy to filter for them. Just look for any
> query which doesn't include a known gTLD or ccTLD.
>
>
>> Anyway that's just guessing.
>>
>
> Yah, me too in the above. :) It's not like we can see into the
> assumed attackers' minds.
>
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
More information about the gnhlug-discuss
mailing list