Pages : 1
#1 Le 04/06/2014, à 23:34
- catmin
demande d'information sur log bind
Bonjour,
pouvez-vous m'en apprendre plus sur les logs bind suivantes :
ou "x.x.x.x" correspond à mon ip et "mydomain.tld" à mon domaine.
04-Jun-2014 20:59:22.232 queries: info: client 67.210.234.166#49802 (gt-bk4csp5mpm.www.bbf.mydomain.tld): query: gt-bk4csp5mpm.www.bbf.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 21:01:22.618 queries: info: client 123.125.71.100#13593 (ohivppelwhpelzrstp.mydomain.tld): query: ohivppelwhpelzrstp.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:01:37.632 queries: info: client 220.181.108.186#25068 (ohivppelwhpelzrstp.mydomain.tld): query: ohivppelwhpelzrstp.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:03:09.249 queries: info: client 67.210.234.167#50161 (nc6eegc7m6x1g.www.atz.mydomain.tld): query: nc6eegc7m6x1g.www.atz.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:06:58.280 queries: info: client 80.10.202.7#55033 (dav.mydomain.tld): query: dav.mydomain.tld IN A -ED (x.x.x.x)
04-Jun-2014 21:10:22.513 queries: info: client 213.186.33.199#1687 (mydomain.tld): query: mydomain.tld IN SOA -E (x.x.x.x)
04-Jun-2014 21:13:08.400 queries: info: client 67.210.234.171#58207 (m6et84fzkctjq.www.acv.mydomain.tld): query: m6et84fzkctjq.www.acv.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:18:00.797 queries: info: client 66.128.50.66#51271 (vqijsm4i7t5bp.www.bdo.mydomain.tld): query: vqijsm4i7t5bp.www.bdo.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 21:18:03.068 queries: info: client 66.128.50.66#51271 (vqijsm4i7t5bp.www.bdo.mydomain.tld): query: vqijsm4i7t5bp.www.bdo.mydomain.tld IN NS - (x.x.x.x)
04-Jun-2014 21:30:49.039 queries: info: client 67.210.234.165#49703 (rks18tozf4fgg.www.agb.mydomain.tld): query: rks18tozf4fgg.www.agb.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:32:05.024 queries: info: client 67.210.234.162#59925 (km6aq3247voxd.www.aak.mydomain.tld): query: km6aq3247voxd.www.aak.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:32:06.325 queries: info: client 67.210.234.162#59925 (km6aq3247voxd.www.aak.mydomain.tld): query: km6aq3247voxd.www.aak.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 21:34:07.518 queries: info: client 67.210.234.168#53922 (areavqgszs7zo.www.aew.mydomain.tld): query: areavqgszs7zo.www.aew.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:36:10.602 queries: info: client 66.128.50.72#56760 (k52ps6g6pibch.www.bdd.mydomain.tld): query: k52ps6g6pibch.www.bdd.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:36:13.860 queries: info: client 66.128.50.72#56760 (k52ps6g6pibch.www.bdd.mydomain.tld): query: k52ps6g6pibch.www.bdd.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 21:36:16.495 queries: info: client 66.128.50.72#56760 (k52ps6g6pibch.www.bdd.mydomain.tld): query: k52ps6g6pibch.www.bdd.mydomain.tld IN NS - (x.x.x.x)
04-Jun-2014 21:42:15.358 queries: info: client 80.10.202.7#40668 (dav.mydomain.tld): query: dav.mydomain.tld IN A -ED (x.x.x.x)
04-Jun-2014 21:46:15.161 queries: info: client 67.210.234.166#49802 (g-mvrm23q7k6c.www.auv.mydomain.tld): query: g-mvrm23q7k6c.www.auv.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 21:49:25.806 queries: info: client 66.128.50.66#51271 (rotb2trpaqkcj.www.bkz.mydomain.tld): query: rotb2trpaqkcj.www.bkz.mydomain.tld IN NS - (x.x.x.x)
04-Jun-2014 21:50:22.140 queries: info: client 67.210.234.167#50161 (p7ox0q5v4-zgj.www.blx.mydomain.tld): query: p7ox0q5v4-zgj.www.blx.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 21:54:02.233 queries: info: client 89.119.94.4#49947 (mydomain.tld): query: mydomain.tld IN MX -EDC (x.x.x.x)
04-Jun-2014 21:56:25.735 queries: info: client 66.128.50.69#54387 (evyog6qboobg.www.asw.mydomain.tld): query: evyog6qboobg.www.asw.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:00:44.426 queries: info: client 66.128.50.68#50534 (oe6az7e41c1eg.www.aki.mydomain.tld): query: oe6az7e41c1eg.www.aki.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:02:26.642 queries: info: client 213.186.33.199#1687 (mydomain.tld): query: mydomain.tld IN SOA -E (x.x.x.x)
04-Jun-2014 22:07:22.729 queries: info: client 66.128.50.72#56760 (k2f9b4x01ar2l.www.ajt.mydomain.tld): query: k2f9b4x01ar2l.www.ajt.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:11:08.318 queries: info: client 66.128.50.70#62226 (lgtn-xoi3esbn.www.ayo.mydomain.tld): query: lgtn-xoi3esbn.www.ayo.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:11:31.289 queries: info: client 67.210.234.168#53922 (uy81gkqapmoqc.www.asz.mydomain.tld): query: uy81gkqapmoqc.www.asz.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:17:23.156 queries: info: client 80.10.202.7#46493 (dav.mydomain.tld): query: dav.mydomain.tld IN A -ED (x.x.x.x)
04-Jun-2014 22:17:40.637 queries: info: client 124.232.142.220#59596 (VERSION.BIND): query: VERSION.BIND CH TXT + (x.x.x.x)
04-Jun-2014 22:18:18.719 queries: info: client 67.210.234.165#49703 (qo93iprqmjvgh.www.acl.mydomain.tld): query: qo93iprqmjvgh.www.acl.mydomain.tld IN A - (x.x.x.x)
04-Jun-2014 22:18:20.322 queries: info: client 67.210.234.165#49703 (qo93iprqmjvgh.www.acl.mydomain.tld): query: qo93iprqmjvgh.www.acl.mydomain.tld IN MX - (x.x.x.x)
04-Jun-2014 22:19:47.444 queries: info: client 66.128.50.67#56289 (gbx-yk4kipgjh.668176c-pt952676768.mydomain.tld): query: gbx-yk4kipgjh.668176c-pt952676768.mydomain.tld IN A - (x.x.x.x)Il s'agit d'un serveur bind autoritaire.
La fréquence des requêtes ne laisse pas penser à une attaque, mais par curiosité je souhaiterais comprendre quel est l’intérêt pour ces bots a tester des sous domaines incongrues de façon aléatoire.
Merci d'avance.
Dernière modification par catmin (Le 04/06/2014, à 23:52)
Hors ligne
#2 Le 05/06/2014, à 08:58
- bruno
Re : demande d'information sur log bind
Bonjour,
je ne suis pas du tout un spécialiste, mais cela ressemble à une « attaque par amplification »
Hors ligne
Pages : 1