[dns-operations] MX record scanning

Tony Finch dot at dotat.at
Tue May 10 15:03:59 UTC 2011

Antoin Verschuren <antoin.verschuren at sidn.nl> wrote:
> The question now is, what to do with the data.
> If you analyse your querylog with the characterisics above, you have an
> almost certain list of affected botnet clients.
> Should we alert local CERTs to inform ISP's to tell their customers ?

Might also be helpful to ask Spamhaus if they could make use of the data.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.

More information about the dns-operations mailing list