From owner-freebsd-security Sun Jan 30 0:58:36 2000
Date: Sun, 30 Jan 2000 00:52:15 -0800
From: The Mad Scientist
Subject: Re: Continual DNS requests from mysterious IP
To: freebsd-security@freebsd.org
Message-id: <4.1.20000130004931.00954ac0@mail.thegrid.net>
In-reply-to: <4.2.2.20000129173418.03dc4960@localhost>
References: <200001290216.SAA34537@floozy.zytek.com>

At 05:36 PM 1/29/00 -0700, you wrote:
>My guess is that your machine is being used in a distributed DoS
>attack against AOL. The perpetrator is probably querying many
>servers throughout the Net, hoping that they in turn will
>swamp AOL. By providing lots of bogus host names that do not
>repeat, they're ensuring that a fresh request is generated every
>time.
>
>I personally would block the buggers and then contact AOL.
>
>--Brett

It could also be those nifty AOL Instant Messengers trying to do some
email checking.

-Dean