Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS Scanning for blocking

From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Thu, 21 Dec 2000 13:26:19 -0500
On Thu, 21 Dec 2000, Zeffie wrote:


    I Host a site for the local strip club and lately I started getting
messages like this for several domains.

Dec 20 01:13:22 www named[2105]: unapproved AXFR from [157.167.1.21].4238
for "theirdomain.NET" (acl)
Dec 20 01:13:23 www named[2105]: unapproved AXFR from [157.167.1.21].4239
for "theirdomain.NET" (acl)


They were harvesting your DNS info for use in their software.


I checked into it and found that surfcontrol is responsable for this.  They
are doing it to confirm their "Block Lists" are correct.  So they can block
the domains from being accessed by employees/customers of bussiness that
they sell their product to.


Correct...


So am I crazy or did they scan my network with the intent of blocking
traffic and thereby causing me direct finanical losses?  Is what they are
doing legale?  Have they broken the law in several states?


No. While what they did may seem intrusive, it's no more illegal than
running nslookup against your domain name. Their reason for doing so is
perfectly legal as well. As the operator of an adult site, you can expect
this. Being added to a proxy's smut filter is the (HTTP) equivalent of
being added to the (SMTP) ORBS database. Not alot you can do about it.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
Previous By Date Next
Previous By Thread Next

Current thread: