Interesting new dns failures

Jason Frisvold xenophage0 at gmail.com
Mon May 21 17:49:01 UTC 2007


On 5/20/07, Roger Marquis <marquis at roble.com> wrote:
> Most of the individual nameservers do not answer queries, the ones
> that do are open to recursion, and all are hosted in cable/dsl/dial-up
> address space with correspondingly rfc-illegal reverse zones.  Running
> 'host -at ns' a few times shows the list of nameservers is rotated
> every few seconds, and occasionally returns "server localhost".

They're likely not name servers, or at least not all name servers..
I'd venture a guess as to these being part of a "Snowshoe" spammer
network...  I've been getting hit by similar domains for a few weeks
now..  Blocking seems to be the best way to handle them..

Looks like some of these are running nginx (http://nginx.net/) as a
web server...  I've seen others with CentOS installs..  My guess is
that the web servers are for management of the spamming software..

> Roger Marquis

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com
http://blog.godshell.com
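
The behaviour described in the quoted text (an NS set that rotates every few seconds, occasional "server localhost" answers, nameservers in cable/dsl/dial-up space) can be scored from repeated lookups before deciding to block. This is an added example, not part of either poster's message; the thresholds, the PTR substring list and every hostname in the sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample data: each snapshot is (seconds, {NS name: PTR name of its address})
# as gathered from repeated `host -at ns` runs. Every hostname below is made up.
ROTATING = [
    (0,  {"ns1.spam.example": "cable-10-1-2-3.isp.example",
          "ns2.spam.example": "dsl-pool-44.isp.example"}),
    (5,  {"ns3.spam.example": "ppp-dialup-7.isp.example",
          "ns4.spam.example": "dyn-88-9.isp.example"}),
    (10, {"localhost": "localhost",
          "ns5.spam.example": "adsl-12-34.isp.example"}),
]
_NS = {"ns1.corp.example": "ns1.corp.example", "ns2.corp.example": "ns2.corp.example"}
STABLE = [(0, _NS), (5, _NS)]

# Assumption: substrings commonly seen in cable/DSL/dial-up reverse zones.
RESIDENTIAL = re.compile(r"cable|dsl|dial|ppp|dyn|pool", re.I)

def jaccard_distance(a, b):
    """0.0 when two NS sets are identical, 1.0 when they share nothing."""
    union = a | b
    return 1 - len(a & b) / len(union) if union else 0.0

def is_localhost(name):
    return name.rstrip(".").lower() == "localhost"

def assess(snapshots, churn_min=0.5, residential_min=0.5):
    """Score an NS set for rotation, 'localhost' answers and residential hosting."""
    if not snapshots:
        raise ValueError("need at least one snapshot")
    sets = [set(ns) for _, ns in snapshots]
    pairs = list(zip(sets, sets[1:]))
    churn = sum(jaccard_distance(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0
    ptrs = {name: ptr for _, ns in snapshots for name, ptr in ns.items()}
    localhost_seen = any(is_localhost(n) for n in ptrs)
    real = [ptr for name, ptr in ptrs.items() if not is_localhost(name)]
    residential = sum(1 for p in real if RESIDENTIAL.search(p)) / len(real) if real else 0.0
    return {
        "window_s": snapshots[-1][0] - snapshots[0][0],
        "churn": churn,
        "localhost_seen": localhost_seen,
        "residential_fraction": residential,
        "suspicious": churn >= churn_min and (residential >= residential_min or localhost_seen),
    }

if __name__ == "__main__":
    for label, data in (("rotating", ROTATING), ("stable", STABLE)):
        print(label, assess(data))
```

A domain that scores as suspicious here is a candidate for the blocking the reply recommends; a stable NS set in ordinary hosting space is not flagged.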


