nanog mailing list archives

Re: Interesting new dns failures


From: "Jason Frisvold" <xenophage0 () gmail com>
Date: Mon, 21 May 2007 13:49:01 -0400


On 5/20/07, Roger Marquis <marquis () roble com> wrote:
> Most of the individual nameservers do not answer queries, the ones
> that do are open to recursion, and all are hosted in cable/dsl/dial-up
> address space with correspondingly rfc-illegal reverse zones.  Running
> 'host -at ns' a few times shows the list of nameservers is rotated
> every few seconds, and occasionally returns "server localhost".

They're likely not name servers, or at least not all name servers..
I'd venture a guess as to these being part of a "Snowshoe" spammer
network...  I've been getting hit by similar domains for a few weeks
now..  Blocking seems to be the best way to handle them..

Looks like some of these are running nginx (http://nginx.net/) as a
web server...  I've seen others with centos installs..  My guess is
that the web servers are for management of the spamming software..

Roger Marquis

--
Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com
http://blog.godshell.com
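
Added example (not part of the original message or thread): a small Python check that scores the indicators described in the quoted post, namely an NS set that rotates between lookups, a nameserver called "localhost", and nameservers in cable/dsl/dial-up space. All sample data is constructed, and the names, PTR pattern and thresholds are assumptions.

```python
import re

# Constructed sample data: NS sets from four successive lookups a few seconds
# apart (the kind of output repeated `host -at ns` runs would give).
FLUX_SAMPLES = [
    {"ns1.example.test", "ns2.example.test", "ns3.example.test"},
    {"ns1.example.test", "ns4.example.test", "ns5.example.test"},
    {"localhost", "ns6.example.test", "ns7.example.test"},
    {"ns8.example.test", "ns9.example.test", "ns10.example.test"},
]
STABLE_SAMPLES = [{"a.ns.example.org", "b.ns.example.org"}] * 4

# Constructed PTR names for the addresses those nameservers resolve to.
FLUX_PTRS = ["c-7.cable.example.net", "ppp-9.dsl.example.net", "host3.example.net"]
STABLE_PTRS = ["a.ns.example.org", "b.ns.example.org"]

# Assumption: substrings that commonly mark access (cable/dsl/dial-up) space.
ACCESS_RE = re.compile(r"(cable|dsl|dial|ppp|dhcp|dyn|pool)", re.I)
CHURN_LIMIT = 0.5    # assumed threshold
ACCESS_LIMIT = 0.5   # assumed threshold


def ns_churn(samples):
    """Mean Jaccard distance between consecutive NS sets (0 = stable)."""
    pairs = list(zip(samples, samples[1:]))
    if not pairs:
        return 0.0
    return sum((1 - len(a & b) / len(a | b)) if (a | b) else 0.0
               for a, b in pairs) / len(pairs)


def access_share(ptr_names):
    """Fraction of PTR names that look like cable/dsl/dial-up hosts."""
    if not ptr_names:
        return 0.0
    return sum(bool(ACCESS_RE.search(n)) for n in ptr_names) / len(ptr_names)


def assess(samples, ptr_names):
    """Return the list of indicators from the post that the data shows."""
    reasons = []
    if ns_churn(samples) > CHURN_LIMIT:
        reasons.append("ns-set-rotates")
    if any(ns.rstrip(".").lower() == "localhost" for s in samples for ns in s):
        reasons.append("ns-is-localhost")
    if access_share(ptr_names) > ACCESS_LIMIT:
        reasons.append("ns-in-access-space")
    return reasons


if __name__ == "__main__":
    print(assess(FLUX_SAMPLES, FLUX_PTRS), assess(STABLE_SAMPLES, STABLE_PTRS))
```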

