[96674] in North American Network Operators' Group
Re: Interesting new dns failures
daemon@ATHENA.MIT.EDU (Jason Frisvold)
Mon May 21 13:56:58 2007
Date: Mon, 21 May 2007 13:49:01 -0400
From: "Jason Frisvold" <xenophage0@gmail.com>
To: "Roger Marquis" <marquis@roble.com>
Cc: nanog@merit.edu
In-Reply-To: <20070520192545.A77164@ubfganzr>
Errors-To: owner-nanog@merit.edu
On 5/20/07, Roger Marquis <marquis@roble.com> wrote:
> Most of the individual nameservers do not answer queries, the ones
> that do are open to recursion, and all are hosted in cable/dsl/dial-up
> address space with correspondingly rfc-illegal reverse zones. Running
> 'host -at ns' a few times shows the list of nameservers is rotated
> every few seconds, and occasionally returns "server localhost".

They're likely not name servers, or at least not all name servers..
I'd venture a guess as to these being part of a "Snowshoe" spammer
network... I've been getting hit by similar domains for a few weeks
now.. Blocking seems to be the best way to handle them..

Looks like some of these are running nginx (http://nginx.net/) as a
web server... I've seen others with CentOS installs.. My guess is
that the web servers are for management of the spamming software..

> Roger Marquis
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
http://blog.godshell.com
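
Added example, not part of the original thread or either poster's tooling: one way to quantify the rotation Roger describes is to score how much the NS set changes between repeated `host -t ns` lookups before deciding to block a domain. The sample outputs, the `example.test` names, the 0.5 threshold, and reading "server localhost" as an NS target of `localhost` are all assumptions made for illustration.

```python
import re

# Matches the non-verbose `host -t ns` answer line: "<zone> name server <target>."
NS_LINE = re.compile(r"^\S+ name server (\S+?)\.?$", re.MULTILINE)

def parse_ns(output):
    """Return the set of NS targets found in one lookup's output."""
    return frozenset(m.group(1).lower() for m in NS_LINE.finditer(output))

def jaccard_distance(a, b):
    """0.0 for identical sets, 1.0 for completely disjoint ones."""
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)

def rotation_report(outputs, churn_threshold=0.5):
    """Summarise how much the NS set moves between consecutive lookups."""
    sets = [parse_ns(o) for o in outputs]
    pairs = list(zip(sets, sets[1:]))
    churn = sum(jaccard_distance(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0
    bogus = sum(1 for s in sets if "localhost" in s)  # samples with a bogus target
    return {
        "distinct": len(frozenset().union(*sets)),
        "churn": churn,
        "bogus_samples": bogus,
        "suspicious": churn >= churn_threshold or bogus > 0,
    }

def _answer(zone, targets):
    """Build constructed `host -t ns` style output for the samples below."""
    return "\n".join(f"{zone} name server {t}." for t in targets)

# Constructed samples: four lookups a few seconds apart against a placeholder zone.
ROTATING = [_answer("example.test", t) for t in (
    ["ns1.example.test", "ns2.example.test"],
    ["ns3.example.test", "ns4.example.test"],
    ["ns4.example.test", "ns5.example.test"],
    ["localhost"],
)]
# Constructed baseline: an ordinary zone returns the same NS set every time.
STABLE = [_answer("example.test", ["ns1.example.test", "ns2.example.test"])] * 3

if __name__ == "__main__":
    print(rotation_report(ROTATING))
    print(rotation_report(STABLE))
```

Query the same resolver each time and space the lookups by more than the record TTL, otherwise cached answers will understate the churn.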