[nsp-sec] DNS poisoning activity in the wild

Leo Bicknell Leo_Bicknell at isc.org
Wed Jul 30 10:52:38 EDT 2008


In a message written on Wed, Jul 30, 2008 at 02:46:45PM +0000, John Fraizer wrote:
> I'm seeing a TON of attempts against my personal resolvers.  I can't 
> remember the last time they would do recursive for anyone outside of my 
> network but, I now constantly
> get query attempts for MSN, GOOGLE, and every bank known to man.

I suspect there are many more black hats than white hats at this,
but as an FYI....

ISC is hosting a couple of different DNS researchers who are looking
at the vulnerability and if there is active cache corruption in the
wild.  Given these tools have been rather quickly thrown together
they are still working out some of the bugs, including repeated
queries to ACL'ed hosts.

If any of the queries come from ISC space, 149.20.0.0/16, they are
likely one of these researchers.  We would prefer you not do anything
differently to them (e.g. either open up or close off your servers).

If you see unfriendly behavior or otherwise want it to stop and it's
from us, please drop a note to noc at isc.org.

-- 
Leo Bicknell; E-mail: Leo_Bicknell at isc.org, Phone: +1 650 423 1358
INOC*DBA *3357*592; Internet Systems Consortium, Inc.  www.isc.org