Re: Something new? bind dos? exploit?

[jlewis () lewis org]

On Fri, 13 Feb 2004, Chip Mefford wrote:

> Feb 13 06:55:40 hostname named[12631]: socket.c:1100: unexpected error:
> Feb 13 06:55:40 hostname named[12631]: internal_send:
> 244.254.254.254#53: Invalid argument

This has made the rounds on several other lists already.  It's just RFG's 
way of telling people to stop trying to use several DNSBLs he shut down 
some time ago.

$ dig @ns4.monkeys.com. relays.monkeys.com ns
 
; <<>> DiG 9.2.1 <<>> @ns4.monkeys.com. relays.monkeys.com ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31620
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; QUESTION SECTION:
;relays.monkeys.com.            IN      NS
 
;; ANSWER SECTION:
relays.monkeys.com.     86400   IN      NS      bogus-maximus.monkeys.com.
 
;; ADDITIONAL SECTION:
bogus-maximus.monkeys.com. 86400 IN     A       244.254.254.254
 
;; Query time: 1106 msec
;; SERVER: 66.60.159.24#53(ns4.monkeys.com.)
;; WHEN: Fri Feb 13 23:16:34 2004
;; MSG SIZE  rcvd: 80

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------