[87721] in North American Network Operators' Group


Re: sober.z to hit tomorrow

daemon@ATHENA.MIT.EDU (Wil Schultz)
Thu Jan 5 23:01:46 2006

Date: Thu, 05 Jan 2006 20:01:09 -0800
From: Wil Schultz <wschultz@wilcomm.net>
To: nanog@merit.edu
In-Reply-To: <43BD6B15.6020900@wilcomm.net>
Errors-To: owner-nanog@merit.edu


FYI: I've set some traps on our DNS servers, dunno exactly what this 
means but I thought that I should share:

Jan  5 18:41:09 myServer named[24490]: client X.X.X.X#1192: query: arcor.de IN MX
Jan  5 18:45:48 myServer named[24490]: client X.X.X.X#1034: query: freenet.de IN MX

These are the only two logs I have at this point. And I don't recall any 
other Sober searching for an email server.

-Wil

Wil Schultz wrote:

> Wouldn't it be fun if it contained the WMF exploit in some form?
> So, I'm planning on using swatch to monitor DNS requests for the known 
> affected domains. What is everyone else planning to do?
>
> -Wil
>
>
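
Added example (not part of the original message): a Python filter for the kind of monitoring described above, reporting which clients sent MX queries for watched domains in BIND query-log lines of the layout shown. The watch list holds only the two domains from the logged queries; the sample lines, the 192.0.2.x client addresses, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Watch list: the two domains seen in the message's log lines (extend as needed).
WATCHED = {"arcor.de", "freenet.de"}

# Matches the named query-log layout shown in the message.
QUERY_RE = re.compile(
    r"named\[\d+\]: client (?P<client>[^#\s]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def normalize(name):
    """Lower-case a query name and drop any trailing root dot."""
    return name.rstrip(".").lower()

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def mx_hits(lines):
    """Return {client: sorted watched domains that client sent MX queries for}."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group("type") == "MX" and is_watched(m.group("name")):
            hits[m.group("client")].add(normalize(m.group("name")))
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample lines (documentation addresses, not real clients).
SAMPLE = [
    "Jan  5 18:41:09 myServer named[24490]: client 192.0.2.10#1192: query: arcor.de IN MX",
    "Jan  5 18:45:48 myServer named[24490]: client 192.0.2.10#1034: query: freenet.de IN MX",
    "Jan  5 18:46:02 myServer named[24490]: client 192.0.2.22#1040: query: www.arcor.de IN A",
    "Jan  5 18:47:15 myServer named[24490]: client 192.0.2.31#1050: query: example.org IN MX",
    "Jan  5 18:48:30 myServer named[24490]: client 192.0.2.44#1061: query: Freenet.DE. IN MX",
]

if __name__ == "__main__":
    for client, domains in sorted(mx_hits(SAMPLE).items()):
        print(f"{client}: MX lookups for {', '.join(domains)}")
```

Only MX queries count as hits, so the A lookup for www.arcor.de and the MX lookup for an unwatched domain are ignored.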


