[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open Resolver Problems

    Little bit of fun with http://bindguard.activezone.de/

    This little example with an open resolver with only 200 queries a

    The following list show the # of queries made followed by the query
in question.

    False positive:

        2 a1.mzstatic.com IN A +
        2 a1001.phobos.apple.com IN A +
        1153 a.root-servers.net IN A +

        ^- 1153 root queries under 10s... from a small office...

    Old uncontrolled botnet:

        1020 isc.org IN ANY +ED
        1440 isc.org IN ANY +ED
        1075 isc.org IN ANY +ED
        1011 isc.org IN ANY +ED
        1103 isc.org IN ANY +ED

    This result come from my cheap scripts(tm) and bindguard.

    If anyone wish to try it I can provide you with some support files
and examples.

    Just contact me offlist.  PS: It will be later today...

    Enjoy today's drama.

Alain Hebert                                ahebert at pubnix.net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443