That's being done with automated scripts. Some systems are not
configured properly to do correct load balancing and I suspect on such
systems those crackers would get through. They have malware to install
on your system most likely.
On Sun, 10 Jan 2016, Glenn English wrote:
Date: Sun, 10 Jan 2016 14:14:42
From: Glenn English <g...@srv.slsware.net>
To: debianUsers <debian-user@lists.debian.org>
Subject: OT misunderstood crackers
Resent-Date: Sun, 10 Jan 2016 19:30:09 +0000 (UTC)
Resent-From: debian-user@lists.debian.org
I'm a self-taught admin (aka mild newbie), and I don't understand why people
would hit my DNS servers thousands of times.
I've got a limiter in iptables ('recent' module) that blocks and logs when
there are too many hits from one IP to my DNS servers (5 hits in 10 seconds, on
non-recursive BIND slaves), and I see thousands of hits in my logs (logwatch
reports) every morning, many spread all over a /24 or smaller --
crackers/kiddies for sure, I suspect.
What are they trying to accomplish? How can they get root or useful info from
many DNS queries? Or are they just massively stupid with too much time on their
hands? Or am I?
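The limiter described in the question above, as an added example that is not part of the original messages: a simplified per-source sliding window using the post's thresholds (5 hits in 10 seconds), followed by a roll-up of the blocked sources by /24, which is how the logwatch pattern in the post would show up. The log records, addresses (documentation ranges) and function names are constructed for illustration, and the window logic is a model, not the exact semantics of the iptables 'recent' module.

```python
from collections import Counter, defaultdict, deque
from ipaddress import ip_network

HITCOUNT = 5   # thresholds taken from the post: 5 hits ...
SECONDS = 10   # ... in 10 seconds, per source IP


def build_sample():
    """Constructed sample of (unix_time, source_ip) DNS queries."""
    events = []
    # Three hosts in the same /24, each sending 8 queries within 4 seconds.
    for host in (10, 11, 12):
        for i in range(8):
            events.append((1000 + i * 0.5, f"203.0.113.{host}"))
    # One well-behaved client: a query every 5 seconds.
    for i in range(6):
        events.append((1000 + i * 5, "198.51.100.7"))
    return sorted(events)


def blocked_hits(events, hitcount=HITCOUNT, seconds=SECONDS):
    """Count, per source IP, the queries that exceed the limit."""
    seen = defaultdict(deque)          # source -> timestamps inside the window
    blocked = Counter()
    for ts, src in events:
        window = seen[src]
        window.append(ts)
        while ts - window[0] > seconds:  # drop hits older than the window
            window.popleft()
        if len(window) >= hitcount:      # this query is the Nth hit or later
            blocked[src] += 1
    return blocked


def by_prefix(blocked, prefixlen=24):
    """Aggregate blocked sources into networks of the given prefix length."""
    agg = defaultdict(lambda: {"sources": 0, "hits": 0})
    for src, count in blocked.items():
        net = str(ip_network(f"{src}/{prefixlen}", strict=False))
        agg[net]["sources"] += 1
        agg[net]["hits"] += count
    return dict(agg)


if __name__ == "__main__":
    summary = by_prefix(blocked_hits(build_sample()))
    for net, stats in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{net}: {stats['sources']} sources, {stats['hits']} blocked hits")
```
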