[Snort-users] DNS server keeps communicating with Darkprofits.net and darkprofits.com

Sean Lazar slazar at ...9944...
Mon Feb 2 17:47:14 EST 2004


In general your DNS servers should not serve domains other than those 
they are authoritative for.

If you are using BIND (eight and above?) you can use the allow-recursion 
option to limit recursion to friendly IP addresses. For example:

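// networks whose clients may send recursive queries
acl our-nets { XXX.XXX.XXX.0/24; };
options {
    // recurse only for clients matched by our-nets
    allow-recursion { our-nets; };
};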

Upgrading to the latest BIND version is strongly recommended.
BIND reference manual: http://www.nominum.com/content/documents/bind9arm.pdf


Marlon.Richards at ...11130... wrote:

>
>
>
>Hi guys. I know this is the SNORT mailing list but I am just wondering
>if I could get some help here. I found that my DNS server is being asked to
>make numerous resolutions of darkprofits.com and darkprofits.net. None of
>my internal clients are making these requests. My Sniffer shows me that the
>requests are being made from outside my network and that my DNS server is
>making a request for this domain to external hosts. Does anyone know where
>this may be coming from and how to stop it?
>
>
>
>
>====================================
>Marlon Richards
>Communications Engineer
>West Indies Alumina Company
>Kirkvine Works
>Jamaica
>Tel#:    876-961-7434
>Fax#:   876-961-7464
>Email:  marlon.richards at ...11131...
>
>
>
>
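
Added example, not part of the original thread or of BIND itself: a small Python audit that reads a named.conf text, expands named acl entries referenced by allow-recursion, and reports whether a given client address would be allowed to recurse. It assumes 192.0.2.0/24 as a stand-in for the masked network, and handles only named ACLs, `any`, `none`, and plain addresses or CIDR prefixes; negation, keys and the built-in `localhost`/`localnets` raise ValueError.

```python
import ipaddress
import re

# Constructed sample modelled on the reply's snippet. 192.0.2.0/24 is a
# documentation range standing in for the masked XXX.XXX.XXX.0/24 (assumption).
SAMPLE_CONF = """
acl our-nets { 192.0.2.0/24; };   // friendly networks
options {
    allow-recursion { our-nets; };
};
"""

def _elements(body):
    """Split the inside of a { ...; ...; } list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def recursion_networks(conf):
    """Networks allowed to recurse, or None when allow-recursion is not set."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    acls = {m.group(1).strip('"'): _elements(m.group(2)) for m in
            re.finditer(r'\bacl\s+("?[\w.-]+"?)\s*\{([^{}]*)\}\s*;', conf)}
    match = re.search(r"\ballow-recursion\s*\{([^{}]*)\}\s*;", conf)
    if match is None:
        return None
    nets, todo, seen = [], _elements(match.group(1)), set()
    while todo:
        item = todo.pop()
        if item in seen or item == "none":
            continue
        seen.add(item)
        if item == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif item in acls:
            todo += acls[item]          # expand a named acl
        else:                           # plain address or CIDR prefix only
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def may_recurse(conf, client_ip):
    """True/False for a client address; None when the option is unset."""
    nets = recursion_networks(conf)
    if nets is None:
        return None
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.9"):   # inside vs. outside our-nets
        print(ip, may_recurse(SAMPLE_CONF, ip))
```

A `None` result means the configuration never sets allow-recursion, so the effective policy is whatever the installed BIND version defaults to and should be checked against its manual.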