Re: Logging on a Bind server

2020-10-22 Thread Tony Finch
senthan.sivasunda...@szkb.ch wrote: > One day an alert came from Cybereason (antivirus software) that our > BIND server tried to connect to a suspicious domain "ns2.honeybot.us". > But I couldn't find the log, which domain the BIND server was searching > for, so that the BIND server has to c

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos
> On 20 Oct 2020, at 18:02, Chuck Aurora wrote: > > On 2020-10-20 10:34, Borja Marcos wrote: >>> On 20 Oct 2020, at 17:28, Rick Dicaire wrote: >>> On Tue, Oct 20, 2020 at 10:17 AM wrote: >>> Dear BIND-Users, >>> Does someone have an idea which log I have to activate? > > While everything Bo

Re: Logging on a Bind server

2020-10-20 Thread Chuck Aurora
On 2020-10-20 10:34, Borja Marcos wrote: On 20 Oct 2020, at 17:28, Rick Dicaire wrote: On Tue, Oct 20, 2020 at 10:17 AM wrote: Dear BIND-Users, Does someone have an idea which log I have to activate? While everything Borja says below, and what Kevin said in the other subthread, is absolutel

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] Sorry to follow up on my own post, but I feel I should add a caveat about blocking IPs -- the resolution of ns2.honeypot.us could *change* over time, so an IP-based block might not be effective in the long term, and in fact might cause more harm than good

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos
> On 20 Oct 2020, at 17:28, Rick Dicaire wrote: > > On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone have an idea which log I have to activate? > > > Do you have querylog enabled? Querylog is not enough. It will tell you which clients are sending which queries,

Re: Logging on a Bind server

2020-10-20 Thread Rick Dicaire
On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone have an idea which log I have to activate? > Do you have querylog enabled?

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] According to securitytrails.com (for instance), there are over 3,000 domains hosted on ns2.honeybot.us (securitytrails only shows the first few domains hosted -- to see more, one presumably needs a subscription to their service). If one of your clients l

Logging on a Bind server

2020-10-20 Thread Senthan.Sivasundaram
Dear BIND-Users, We use a BIND server in our environment. It works properly. One day an alert came from Cybereason (antivirus software) that our BIND server tried to connect to a suspicious domain "ns2.honeybot.us". But I couldn't find the log, which domain the BIND server was searching for,