Security Incidents mailing list archives
Re: massive unapproved AXFR's and odd rcvd NOTIFY's
From: francis () USLS EDU (Francis A. Vidal)
Date: Thu, 10 Feb 2000 12:26:40 +0800
---- Quoting Paul Wouters's message, sent 02/09/00 3:50pm ----
(All strings "domainname.com" are real domainnames) I am seeing a LOT of these, even right now: Feb 9 08:35:59 duplo named[543]: unapproved AXFR from [216.0.52.138].1041 for "domainname.com" (acl)
same thing happened to me here -- exact IP addresses. most of the queries were for AOL.COM. what i did was to block them at the router level. [some portion snipped] -- francis vidal university of st. la salle, bacolod city, philippines . . . . . . . PGP key available via e-mail / subject: get PGP key u s l s N E T tel nos. (+63.34).433.3526 / fax (+63.34).434.0415
Current thread:
- Re: SSH2 Exploit?, (continued)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)
- Re: UDP to 161 Ryan Russell (Feb 15)
- Re: UDP to 161 CyberPsychotic (Feb 16)
- Re: UDP to 161 Russell Fulton (Feb 15)
- Re: Private networks and home.{net|com} Andy Smith (Feb 09)
- massive unapproved AXFR's and odd rcvd NOTIFY's Paul Wouters (Feb 09)
- Re: massive unapproved AXFR's and odd rcvd NOTIFY's Francis A. Vidal (Feb 09)
- [UPDATE]Dos Trojan on Solaris Roderick Padilla (Feb 09)
- Re: [UPDATE]Dos Trojan on Solaris Ross Mueller (Feb 09)
- a very strange scan Boris Badenov (Feb 09)
- Re: a very strange scan Russell Fulton (Feb 10)
- Possible stacheldraht variant/probe Stephen P. Berry (Feb 09)
- Re: Possible stacheldraht variant/probe David Brumley (Feb 10)
- Re: [UPDATE]Dos Trojan on Solaris Robert Lau (Feb 09)
- Re: Strange traceroute Rob Quinn (Feb 08)
- vi as a suid Paulo Ribeiro (Feb 08)