[dns-operations] MX record scanning

Mauricio Vergara Ereche mave at nic.cl
Tue May 10 23:02:06 UTC 2011

On Tuesday 10 May 2011 15:13:52 Gilles Massen wrote:
> On 10/5/11 13:53 , Antoin Verschuren wrote:
> > If there should be a topic a DNS-CERT should handle, I think it's this
> > one, as it needs coordination, and it clearly attacks or at least
> > affects the DNS system as a whole. If DNS-OARC should wish to perform a
> > task like this, this would be a start.
> Frankly, I don't see this as any threat, or even attack, simply because
> the DNS is not targeted, only remotely involved. It suffers simply from
> the collateral effects of a probably well intended spam fighting
> measure. And as so often with well intended anti-spam measures, not only
> the spammer bears the cost.

I'm in favor of Antoin in this. It's a threat at the end of the day.

When you are reaching levels that start to affect the stability of your 
service it's a big deal and must be threated as an important issue... maybe 
not an attack, but with the flavor of it, even if that was not the intention 
of the first burst of the queries.

Consequences of the botnet != intentions.

> But the bottom line is that this is a botnet trying to send spam. Hardly
> anything new, for CERTs business as usual. 

So, who's the entity in charge to report this? I don't think that my local 
cert would be able to do much with half million addresses from all over the 

> For helping the DNS there is
> a message to be passed to two parties. As I suspect that the spammers
> won't listen, get the 'good' guys to stop the random email generating
> pages.

OK, that could be a start. But I don't think that will stop the botnet.
The thing keeps growing, right?

Kind regards,


Mauricio Vergara Ereche                 User #188365 counter.li.org
DNS Admin NIC Chile                             mave [@] nic [.] cl
Miraflores 222 piso 14, Santiago CHILE                +56 2 9407710
Codigo Postal: 832-0198                           http://www.nic.cl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110510/645047b8/attachment.sig>

More information about the dns-operations mailing list