On Fri, 2008-07-25 at 09:46 -0700, Wolfgang S. Rupprecht wrote: > James Kosin posted a message on the fedora mailing list that he is > actually seeing DNS attack messages in his log files. The message is > archived here: > > http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278
...if you look at the addresses in use there, and you look in your logs and see the same thing, you might find some interesting queries which make it pretty obvious what those queries are for. They're not malicious; they're not an attack; they're data collection. I emailed Dan Kaminsky about this and he told me > That's the scan that's finding patches. I've just asked for a bit of clarification on this; the pattern of the queries is interesting - those who have the same type of queries in their logs might take note of the unchanging source port... The sky isn't falling... yet. Graeme
