Re: OT misunderstood crackers

To: Glenn English <ghe@srv.slsware.net>, debianUsers <debian-user@lists.debian.org>
Subject: Re: OT misunderstood crackers
From: Jude DaShiell <jdashiel@panix.com>
Date: Sun, 10 Jan 2016 20:51:21 -0500 (EST)
Message-id: <[🔎] alpine.NEB.2.11.1601102049290.13491@panix1.panix.com>
In-reply-to: <[🔎] 85830F43-A983-4693-87CA-D6884D833439@srv.slsware.net>
References: <[🔎] 85830F43-A983-4693-87CA-D6884D833439@srv.slsware.net>

That's being done with automated scripts. Some systems are notconfigured properly to do correct load balancing and I suspect on suchsystems those crackers would get through. They have malware to installon your system most likely.


On Sun, 10 Jan 2016, Glenn English wrote:

Date: Sun, 10 Jan 2016 14:14:42
From: Glenn English <ghe@srv.slsware.net>
To: debianUsers <debian-user@lists.debian.org>
Subject: OT misunderstood crackers
Resent-Date: Sun, 10 Jan 2016 19:30:09 +0000 (UTC)
Resent-From: debian-user@lists.debian.org

I'm a self-taught admin (aka mild newbie), and I don't understand why people would hit my DNS servers thousands of times.

I've got a limiter in iptables ('recent' module) that blocks and logs when there are too many hits from one IP to my DNS servers (5 hits in 10 seconds, on non-recursive BIND slaves), and I see thousands of hits in my logs (logwatch reports) every morning, many spread all over a /24 or smaller -- crackers/kiddies for sure, I suspect.

What are they trying to accomplish? How can they get root or useful info from many DNS queries? Or are they just massively stupid with too much time on their hands? Or am I?

--

Reply to:

References:
- OT misunderstood crackers
  - From: Glenn English <ghe@srv.slsware.net>

Prev by Date: gettext is one minor rev too old
Next by Date: Re: Welcome to emergency mode!
Previous by thread: Re: OT misunderstood crackers
Next by thread: Welcome to emergency mode!
Index(es):
- Date
- Thread