Possible attack? Funny DNS requests

  1. #1
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206

    Possible attack? Funny DNS requests

    Hi there, I am wondering if anyone can help me out. I have a Linux server hosting about 70 domains. Lately I have been noticing the following requests in my logs (/var/log/messages):

    Feb 10 02:43:42 gipsy named[572]: lame server resolving '83.52.225.82.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
    Feb 10 02:43:55 gipsy named[572]: lame server resolving '53.16.22.216.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53

    Sometimes it's up to three a second. I searched on Google for similar behavior and found nothing. Has anyone seen this before? Could it be that my server is blacklisted? Or could it be some kind of hack?

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Try here...

    http://www.google.ca/search?hl=en&cl...G=Search&meta=
    Google Search: .ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Less obscure

    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    Fair enough, but how do I stop it? I did visit their website before and it still does not explain why this is happening. Any ideas?

  5. #5
    Senior Member frpeter's Avatar
    Join Date
    Dec 2004
    Posts
    131
    Hello,

    Check the BIND administration manual on lame servers. They can be disabled.

    Or you can use the following as an example:

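    logging {
        // Route "lame server" messages to the null channel, which discards them.
        category "lame-servers" { "null"; };
        // null is also one of BIND's predefined channels; it is spelled out here.
        channel null {
            null;
            severity warning;
        };
    };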

    The part that you want is the category line.
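
Added example, not part of the original thread: a Python script that triages `lame server` lines like the ones in the first post, counting them per zone and per second and decoding each query name back to the IPv4 address it encodes. The reversed-octet reading of the names is an assumption based on the DNSBL naming convention, all log lines after the first two are constructed, and `parse_lame` and `summarize` are names chosen here.

```python
import ipaddress
import re
from collections import Counter

# First two lines come from the first post; the rest are constructed samples.
SAMPLE_LOG = """\
Feb 10 02:43:42 gipsy named[572]: lame server resolving '83.52.225.82.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
Feb 10 02:43:55 gipsy named[572]: lame server resolving '53.16.22.216.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
Feb 10 02:44:01 gipsy named[572]: lame server resolving '10.2.0.192.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
Feb 10 02:44:01 gipsy named[572]: lame server resolving '7.100.51.198.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
Feb 10 02:44:01 gipsy named[572]: lame server resolving '9.113.0.203.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?): 127.0.0.1#53
Feb 10 02:44:02 gipsy sshd[901]: Accepted publickey for admin from 192.0.2.5 port 50022 ssh2
"""

LAME_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\slame server resolving "
    r"'(?P<qname>[^']+)'\s\(in '(?P<zone>[^']+)'\?\):\s(?P<server>[^#\s]+)#\d+$"
)

def parse_lame(line):
    """Return a dict for a named 'lame server' line, or None for any other line."""
    m = LAME_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Assumption: DNSBL-style names put the checked IPv4 address, octets
    # reversed, in front of the zone (a.b.c.d -> d.c.b.a.<zone>).
    suffix = "." + rec["zone"]
    head = rec["qname"][:-len(suffix)] if rec["qname"].endswith(suffix) else ""
    try:
        rec["checked_ip"] = str(ipaddress.IPv4Address(".".join(reversed(head.split(".")))))
    except ValueError:
        rec["checked_ip"] = None  # not a reversed-IPv4 name
    return rec

def summarize(text):
    recs = [r for r in map(parse_lame, text.splitlines()) if r]
    per_second = Counter(r["ts"] for r in recs)
    return {
        "total": len(recs),
        "zones": dict(Counter(r["zone"] for r in recs)),
        "lame_servers": sorted({r["server"] for r in recs}),
        "peak_per_second": max(per_second.values(), default=0),
        "checked_ips": [r["checked_ip"] for r in recs],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If every line names the same zone and the same lame server address, the cause is one broken delegation rather than many unrelated ones.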
