Last night someone in the UK did a zone transfer to fetch our name
server data.  This is not a normal name server operation unless the
fetching system is one of your secondaries, and unless U of T has
made new arrangements, this system isn't; it is, however, sometimes
a sign of a bad guy trying to gather data to aid in an attack.

Has anyone else seen any unexpected zone transfers lately?

The offending transfers happened at 2242 for hprc.toronto.edu and
2305 for utirc.toronto.edu, and came from 194.72.238.4, which is
ns0.netcraft.co.uk.

(No probes for utoronto.ca.  Can we start a new pointless argument
that claims that toronto.edu isn't as safe because more bad guys
probe it?)
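
An added example, not part of the original post: a small Python check for the condition the post describes, a zone transfer whose source is not one of the zone's secondaries. The log lines are constructed in the style of BIND 9 transfer logging (an assumption; the post does not say which server or log format was in use), and the date, the secondary address 192.0.2.53 and the 198.51.100.7 source are placeholders.

```python
import ipaddress
import re

# Constructed sample lines, modelled on BIND 9 transfer logging (assumed format).
SAMPLE_LOG = """\
01-Jan-2000 22:42:10.123 client 194.72.238.4#1042 (hprc.toronto.edu): transfer of 'hprc.toronto.edu/IN': AXFR started
01-Jan-2000 22:50:00.000 client 192.0.2.53#4021 (hprc.toronto.edu): transfer of 'hprc.toronto.edu/IN': AXFR started
01-Jan-2000 23:05:31.456 client 194.72.238.4#1077 (utirc.toronto.edu): transfer of 'utirc.toronto.edu/IN': AXFR started
01-Jan-2000 23:06:00.000 client 198.51.100.7#5300 (utirc.toronto.edu): query: utirc.toronto.edu IN A +
01-Jan-2000 23:10:02.000 client 198.51.100.7#5301 (utirc.toronto.edu): zone transfer 'utirc.toronto.edu/AXFR/IN' denied
"""

# Hypothetical per-zone list of authorised secondaries (documentation address).
SECONDARIES = {
    "hprc.toronto.edu": ["192.0.2.53/32"],
    "utirc.toronto.edu": ["192.0.2.53/32"],
}

CLIENT = r"^(?P<ts>\S+ \S+) client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*"
STARTED = re.compile(
    CLIENT + r"transfer of '(?P<zone>[^'/]+)/IN': (?:AXFR|IXFR).*started")
DENIED = re.compile(
    CLIENT + r"zone transfer '(?P<zone>[^'/]+)/(?:AXFR|IXFR)/IN' denied")

def unexpected_transfers(log_text, secondaries):
    """Return (timestamp, zone, source, outcome) for transfers not from a listed secondary."""
    findings = []
    for line in log_text.splitlines():
        for pattern, outcome in ((STARTED, "served"), (DENIED, "denied")):
            m = pattern.search(line)
            if not m:
                continue
            src = ipaddress.ip_address(m["ip"])
            zone = m["zone"].rstrip(".").lower()
            allowed = [ipaddress.ip_network(n) for n in secondaries.get(zone, [])]
            if not any(src in net for net in allowed):
                findings.append((m["ts"], zone, str(src), outcome))
    return findings

if __name__ == "__main__":
    for finding in unexpected_transfers(SAMPLE_LOG, SECONDARIES):
        print(*finding)
```

A "served" finding means the data left the server; restricting transfers to the listed secondaries in the name server configuration turns those into "denied" entries, which are still worth reviewing as a sign of probing.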