FYI: I've set some traps on our DNS servers, dunno exactally what this
means but I thought that I should share:
Jan 5 18:41:09 myServer named[24490]: client X.X.X.X#1192: query:
arcor.de IN MX
Jan 5 18:45:48 myServer named[24490]: client X.X.X.X#1034: query:
freenet.de IN MX
These are the only two logs I have at this point. And I don't recall any
other Sober searching for an email server.
-Wil
Wil Schultz wrote:
Wouldn't it be fun if it contained the WMF exploit in some form?
So, I'm planning on using swatch to monitor DNS requests for the known
affected domains. What is everyone else planning to do?
-Wil
