
List:       novalug
Subject:    Re: [novalug] increased domain attacks?
From:       mark () winksmith ! com
Date:       2001-04-29 2:25:44

On Sat, Apr 28, 2001 at 02:52:25PM -0400, gregory j pryzby wrote:
> On 28 Apr 2001 11:43:22 -0400, mark@winksmith.com wrote:
> > i've been seeing a huge number of domain attacks (max was 347 in
> > one day).  i'm not registered anywhere as a domain server so i know
> > it's an intrusion attempt.  many are from korea.  has anyone else
> > seen this activity?
> 
> You don't need to be registered. My guess is someone is looping through
> the entire IP range looking for open boxes

there are many attempted connections which could conceivably be "noise"
from the internet, or explained away in some fashion, netbios, http,
sunrpc, other udp stuff.

the only reason to go to the domain port is in response to a record
with some nic authority.  since no record exists pointing to my site,
then the only reason for the port access is a deliberate attack.

-- 
Mark Smith
mark@winksmith.com