BIND: limiting recursion just might make things harder for spammers

Wolfgang Rupprecht wolfgang+gnus20021117T172840 at wsrcc.com
Sun Nov 17 17:38:26 PST 2002


david at catwhisker.org (David Wolfskill) writes:
> 63.178.112.154		sdn-ar-005nctarbP264.dialsprint.net
> 167.89.225.99		dsl-sj-167-89-225-99.broadviewnet.net
> 
> So I have no idea how much that's affecting the spammers, but I'm fairly
> certain that restricting the recursion-allowed queries has not made
> their misdeeds any easier ... and that is something I found so
> encouraging that I felt compelled to share it with y'all.

Some hit-n-run spammers will not have a full-time nameserver.  What
they do is set up a temporary primary and then, unbeknownst to the
victims with recursive servers, elect them to be their secondaries.
Unless they log the traffic, they probably never realize that they are
serving up some spammer's domain to the rest of the world.

If you see this happening, you could have a bunch of fun with them by
editing up a zone file for them with a TTL of ETERNITY-1, and point
all the A-records to 127.0.0.1 (or some other server of your
choosing.)  Be sure to increment the serial number to some very high
number (e.g. just a tad under 2 gig ;-)) for added fun.  It won't be
long before the other victim nameservers pick up your new zone and all
traffic to the spammer's domain ceases.

-wolfgang
-- 
We are from the U.N. and we are here to help you.

spider food: http://www.wsrcc.com/baddream/usenet/
(NOTE: The email address above is valid.  Edit it at your own peril.)
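
The post's remark that operators who do not log traffic never notice they are answering for someone else's domain suggests a simple check. This is an added example, not part of the original post. It scans BIND 9 query-log lines for outside clients asking about names the server does not host. The trusted networks, local zone list, log line layout and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the post): who may recurse, and which zones we really host.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_ZONES = ("example.org",)

# "client <ip>#<port> ...: query: <name> <class> <type>"; the optional @0x...
# token and "(name)" field appear in newer BIND 9 releases.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def in_local_zone(name):
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def foreign_queries(lines):
    """Count (client, name) pairs where an outside client asked for a name we do not host."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        ip, name = m.group("ip"), m.group("name")
        if not is_trusted(ip) and not in_local_zone(name):
            hits[(ip, name.rstrip(".").lower())] += 1
    return hits

# Constructed sample log lines (documentation addresses and names only).
SAMPLE_LOG = """\
17-Nov-2002 17:01:02.100 queries: info: client 192.0.2.15#1031: query: www.example.net IN A +
17-Nov-2002 17:01:03.200 queries: info: client 198.51.100.7#4410: query: www.example.org IN A -
17-Nov-2002 17:01:04.300 queries: info: client 198.51.100.7#4411: query: mail.spam-domain.example IN A +
17-Nov-2002 17:01:05.400 queries: info: client 203.0.113.9#2200: query: mail.spam-domain.example IN A +
17-Nov-2002 17:01:06.500 queries: info: client 203.0.113.9#2201: query: mail.spam-domain.example IN MX +
""".splitlines()

if __name__ == "__main__":
    for (ip, name), n in foreign_queries(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip:15s}  {name}")
```

Several unrelated outside clients repeatedly asking for the same non-local name is the pattern worth a closer look, and it should disappear once recursion is restricted to trusted networks.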




More information about the Baylisa mailing list