Re: sober.z to hit tomorrow

North American Network Operators Group

Re: sober.z to hit tomorrow

From: Wil Schultz
Date: Thu Jan 05 23:04:15 2006

FYI: I've set some traps on our DNS servers, dunno exactally what this means but I thought that I should share:

Jan 5 18:41:09 myServer named[24490]: client X.X.X.X#1192: query: arcor.de IN MX
Jan 5 18:45:48 myServer named[24490]: client X.X.X.X#1034: query: freenet.de IN MX

These are the only two logs I have at this point. And I don't recall any other Sober searching for an email server.

-Wil

Wil Schultz wrote:

Wouldn't it be fun if it contained the WMF exploit in some form?
So, I'm planning on using swatch to monitor DNS requests for the known affected domains. What is everyone else planning to do?

-Wil

Follow-Ups:
- Re: sober.z to hit tomorrow Wil Schultz

References:
- sober.z to hit tomorrow Wil Schultz

Prev by Date: Re: Awful quiet?
Next by Date: Re: sober.z to hit tomorrow
Date Index
Thread Index
Author Index
Historical