
Re: OT misunderstood crackers



That's being done with automated scripts. Some systems are not configured properly to do correct load balancing and I suspect on such systems those crackers would get through. They have malware to install on your system most likely.

On Sun, 10 Jan 2016, Glenn English wrote:

Date: Sun, 10 Jan 2016 14:14:42
From: Glenn English <ghe@srv.slsware.net>
To: debianUsers <debian-user@lists.debian.org>
Subject: OT misunderstood crackers
Resent-Date: Sun, 10 Jan 2016 19:30:09 +0000 (UTC)
Resent-From: debian-user@lists.debian.org

I'm a self-taught admin (aka mild newbie), and I don't understand why people would hit my DNS servers thousands of times.

I've got a limiter in iptables ('recent' module) that blocks and logs when there are too many hits from one IP to my DNS servers (5 hits in 10 seconds, on non-recursive BIND slaves), and I see thousands of hits in my logs (logwatch reports) every morning, many spread all over a /24 or smaller -- crackers/kiddies for sure, I suspect.

What are they trying to accomplish? How can they get root or useful info from many DNS queries? Or are they just massively stupid with too much time on their hands? Or am I?



--
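The question above mentions blocked hits "spread all over a /24 or smaller" while the limiter counts per IP. As an added example (not part of the original messages), this script groups the limiter's log entries by /24 and counts the distinct sources in each network; the `DNS-LIMIT: ` log prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG layout (abbreviated). The
# "DNS-LIMIT: " prefix is an assumed --log-prefix; addresses are doc ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.53 PROTO=UDP SPT=40112 DPT=53
Jan 10 03:12:01 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.19 DST=192.0.2.53 PROTO=UDP SPT=40113 DPT=53
Jan 10 03:12:02 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.53 PROTO=UDP SPT=40114 DPT=53
Jan 10 03:12:02 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.53 PROTO=UDP SPT=40115 DPT=53
Jan 10 03:12:05 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.53 PROTO=UDP SPT=5301 DPT=53
Jan 10 03:12:06 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.53 PROTO=UDP SPT=5302 DPT=53
Jan 10 03:13:00 ns1 sshd[811]: Connection closed by 198.51.100.7 port 50022
"""

LINE_RE = re.compile(r"DNS-LIMIT: .*?\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=53\b")

def blocked_sources(log_text):
    """Yield the source address of every limiter entry aimed at port 53."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a limiter entry
        try:
            yield ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 in a damaged line

def summarize_by_slash24(log_text):
    """Return {"a.b.c.0/24": (blocked_hits, distinct_sources)}."""
    hits, hosts = defaultdict(int), defaultdict(set)
    for addr in blocked_sources(log_text):
        net = str(ipaddress.ip_network(f"{addr}/24", strict=False))
        hits[net] += 1
        hosts[net].add(addr)
    return {net: (hits[net], len(hosts[net])) for net in hits}

def spread_networks(log_text, min_hosts=3):
    """Networks whose blocked hits come from at least min_hosts addresses."""
    summary = summarize_by_slash24(log_text)
    return sorted(n for n, (_, distinct) in summary.items() if distinct >= min_hosts)

if __name__ == "__main__":
    for net, (hits, distinct) in sorted(summarize_by_slash24(SAMPLE_LOG).items()):
        print(f"{net}  blocked={hits}  distinct_sources={distinct}")
```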

