Snort mailing list archives

Re: DNS server keeps communicating with Darkprofits.net and darkprofits.com

From: Sean Lazar <slazar () cruzio com>
Date: Mon, 02 Feb 2004 17:47:03 -0800

In general your DNS servers should not serve domains other than thosethey are authoritative for.

If you are using Bind (eight and above?) you can use the allow recursionoption to limit recursion to friendly ip addresses. For example:


acl our-nets { XXX.XXX.XXX.0/24; };
options {
   allow-recursion { our-nets; };
}

Upgrading the latest BIND version is strongly recommended.
bind reference manual: http://www.nominum.com/content/documents/bind9arm.pdf


Marlon.Richards () Windalco com wrote:




Hi guys. I know this is the SNORT mailing list but i am just wondering
if i could get some help here. I found that my DNS server is being asked to
make numerous resolutions of darkprofits.com and darkrpofits.net. None of
my internal clients are making these requests. My Sniffer shows me that the
requests are being made from outside my network and that my DNS server is
making a request for this domain to external hosts. Does anyone know where
this may be coming from and how to stop it?




====================================
Marlon Richards
Communications Engineer
West Indies Alumina Company
Kirkvine Works
Jamaica
Tel#:    876-961-7434
Fax#:   876-961-7464
Email:  marlon.richards () windalco com



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

DNS server keeps communicating with Darkprofits.net and darkprofits.com Marlon . Richards (Feb 02)
- Re: DNS server keeps communicating with Darkprofits.net and darkprofits.com Sean Lazar (Feb 02)
- Re: DNS server keeps communicating with Darkprofits.net and darkprofits.com Ben Nelson (Feb 03)
- <Possible follow-ups>
- RE: DNS server keeps communicating with Darkprofits.net and darkprofits.com Grime, Richard S (Feb 03)