[Systems] [Systems-logs] Logwatch for sunjammer.sugarlabs.org (Linux)

Bernie Innocenti bernie at codewiz.org
Wed Mar 10 18:50:24 EST 2010

Previous message: [Systems] Nuevo Gitorious
Next message: [Systems] [Systems-logs] Logwatch for sunjammer.sugarlabs.org (Linux)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2010-03-10 at 20:44 -0300, Bernie Innocenti wrote:
> On Wed, 2010-03-10 at 23:22 +0100, Sascha Silbe wrote:
> > That's indeed a good explanation. Definitely some kind of broken 
> > software in any case.
> 
> To remove those stray warnings, shall we add fake zones and answer
> authoritatively? Or maybe enable recursive queries for the affected
> zones?
> 
> I'm afraid whoever is running that broken software is taking the failure
> into account and increasing the spam score on our outgoing email. Oddly,
> none of those IPs has an SMTP port open, so we can't determine what MTA
> they're using.

Oh, wait... I think I know.

Those are not MTAs verifying MX records. Instead, they're some kind of
Windows zombies looking for open recursive nameservers, maybe for some
kind of cache-poisoning attack.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/

Previous message: [Systems] Nuevo Gitorious
Next message: [Systems] [Systems-logs] Logwatch for sunjammer.sugarlabs.org (Linux)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list