After the person finished the attack, he could have deleted the
name.domain.tld hostname from his DNS server. That is why you can't resolve
it now. Some people also do this with IRC to avoid denial of service
attacks. They connect from an IP that reverses and forwards to foo.bar.com.
After the IRC server verifies they have connected from a real hostname, the
user will then delete the DNS record or change the IP that the hostname
points to in the DNS record. So if you try to ping the person's hostname, it
will go to whatever new IP the person has assigned that hostname to, or won't
resolve. DNS is dynamic in a sense: if someone connected an hour ago to your
server and his/her IP resolved to foo.bar.com, that doesn't mean it's going to
resolve to that now or even exist.

Hope that clears everything up,

sodium
mobsters.net

----- Original Message -----
From: "Zep" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 29, 2003 10:23 PM
Subject: dns-ish question.


>
> So I'm a super paranoid guy and I always keep a pretty
> close eye on my httpd logs... when I encounter this strange entry.
> (or at least I think it's strange).  I get an entry that says:
>
> name.domain.tld - - [28/May/2003:01:40:09 -0500] "OPTIONS * HTTP/1.0" 200 0
>
> I'm guessing the entry itself implies the end person is poking around,
> looking for misconfigurations, et al... but the strange part
> to me is I cannot look up name.domain.tld.  Is this some
> sort of misguided... idea of security?  I could do a reverse
> lookup to log, but...?  it seems very flaky to me.
>
> I thought it was perhaps a misconfiguration for this particular site,
> but today a friend of mine has a very similar sort of log entry, only
> with a doj.gov domain.   Any thoughts?
> thanks.
> --
>                                              - Zep
>                                       ([EMAIL PROTECTED])
>
> Where are we going, and why am I in this handbasket?
>
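
Added example, not part of the original thread: a Python sketch of why a hostname-only log entry is weak evidence and what to record instead. `identity_at_connect` stores the IP plus a forward-confirmed reverse lookup while the client is still connected, and `audit_entry` classifies an existing access-log line; both function names and the injectable resolver parameters are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Common Log Format: client ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def dns_forward(name):
    """Current A/AAAA answers for name; empty set if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def dns_reverse(ip):
    """Current PTR name for ip, or None if there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def identity_at_connect(ip, reverse=dns_reverse, forward=dns_forward):
    """Record the IP always, plus the PTR name and whether that name
    resolved back to the same IP at the moment of the connection."""
    name = reverse(ip)
    confirmed = bool(name) and ip in forward(name)
    return {"ip": ip, "ptr": name, "forward_confirmed": confirmed}

def audit_entry(line, forward=dns_forward):
    """Classify the client field of one access-log line read after the fact."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    client, when, request = m.group(1, 2, 3)
    try:
        ipaddress.ip_address(client)
        kind = "ip"  # stable evidence: the address that actually connected
    except ValueError:
        # Only a name was logged. Whatever it resolves to now is not
        # necessarily the address that connected when the entry was written.
        kind = "name-resolves-now" if forward(client) else "name-gone"
    return {"client": client, "time": when, "request": request, "kind": kind}

if __name__ == "__main__":
    # Log line from the thread; stand-in resolver that finds no record.
    sample = 'name.domain.tld - - [28/May/2003:01:40:09 -0500] "OPTIONS * HTTP/1.0" 200 0'
    print(audit_entry(sample, forward=lambda name: set()))
```

Passing stand-in resolvers keeps the check offline; with the defaults the functions query whatever resolver the host is configured to use.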