Hi,
I've had a constant stream (1GiB/day) of these messages in my syslog for a week or so:
Apr 15 15:50:25 my-host named[851]: client 111.60.77.116#10734: query (cache) 'cnkdshajqtojmb.www.23us.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.249.123#53968: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 118.207.8.1#62367: query (cache) 'cjvewkb.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 6.223.133.148#37202: query (cache) 'aocdeftuvwklm.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 122.95.125.51#28659: query (cache) 'evalobifaj.vip.mia0pay.net/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.249.123#49581: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.248.123#51456: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 32.241.79.215#36793: query (cache) 'nci.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
So as I see it, someone wants to use this server for a DNS amplification attack but can't because the server doesn't allow recursion. But still, this is endlessly filling up my syslog. Any advice on what to do about it?
Edit: advice is what I'm looking for, not adive ;)
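One way to see what a log like this actually contains before deciding how to respond, as an added example that is not part of the original post: a Python script that parses the `query (cache) ... denied` messages and counts them by client, query type, and parent name. The function name `summarize` and the grouping of names under their parent are choices made for this example; the sample input is the excerpt quoted in the post.

```python
import re
from collections import Counter, defaultdict

# Sample input: the log excerpt quoted in the post, one message per line.
SAMPLE = """\
Apr 15 15:50:25 my-host named[851]: client 111.60.77.116#10734: query (cache) 'cnkdshajqtojmb.www.23us.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.249.123#53968: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 118.207.8.1#62367: query (cache) 'cjvewkb.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 6.223.133.148#37202: query (cache) 'aocdeftuvwklm.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 122.95.125.51#28659: query (cache) 'evalobifaj.vip.mia0pay.net/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.249.123#49581: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 190.93.248.123#51456: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 32.241.79.215#36793: query (cache) 'nci.www.23hh.com/A/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
Apr 15 15:50:25 my-host named[851]: client 88.232.197.3#25345: query (cache) 'isc.org/ANY/IN' denied
"""

# Matches the message format shown in the post (other BIND versions may differ).
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)

def summarize(text):
    """Count denied cache queries by client IP, query type and parent name."""
    clients, qtypes, names = Counter(), Counter(), defaultdict(set)
    for line in text.splitlines():
        m = DENIED.search(line)
        if m is None:
            continue  # not a denied-query message
        clients[m["ip"]] += 1
        qtypes[m["qtype"]] += 1
        labels = m["name"].lower().rstrip(".").split(".")
        # Group names of 3+ labels under their parent so that many distinct
        # leftmost labels under one parent show up as a single row.
        parent = ".".join(labels[1:]) if len(labels) >= 3 else ".".join(labels)
        names[parent].add(m["name"].lower())
    distinct = {p: len(s) for p, s in names.items()}
    return clients, qtypes, distinct

if __name__ == "__main__":
    clients, qtypes, distinct = summarize(SAMPLE)
    print("by type:  ", qtypes.most_common())
    print("by client:", clients.most_common(3))
    print("distinct names per parent:", distinct)
```

Because these queries arrive over UDP, the client addresses may be spoofed, so the per-client counts do not necessarily identify the senders.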