OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] Signs of compromised DNS?

From: James Lay (jlayslave-tothe-box.net)
Date: Thu Jul 24 2008 - 09:41:55 CDT


Anyone have any idea what signs would be if a DNS server is compromised?
Been seeing:

08:39:28 homebox named[27]: client *.*.143.11#10053: query (cache)
'gmail.com/ANY/IN' denied
08:40:30 homebox named[27]: client *.*143.11#10053: query (cache)
'hotmail.com/ANY/IN' denied

Coming in to my DNS server lately...thanks all.

James

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/