Security Incidents mailing list archives
Re: OpenNIC "attack?"
From: msjb82 () hotmail com
Date: 10 May 2006 22:15:53 -0000

"We would like (if possible) just to block the bogus requests automatically and get a single message warning us that someone's infected."

The problem is, those aren't necessarily bogus requests. .glue is very much a valid domain name; I have been to several .glue domain web sites. Maybe this is the reason (in BIND's documentation) they don't recommend logging all traffic if expected traffic is to be high. At any rate, there are two basic methods to avoid this: 1) Log only things that go wrong and 2) restrict TLD lookups.

And why in the hell am I replying to a 3-year-old post? 'Teach a man to fish...'