John DiMarco writes:
> 
> >Has anyone else seen any unexpected zone transfers lately?
> >
> >The offending transfers happened at 2242 for hprc.toronto.edu and
> >2305 for utirc.toronto.edu, and came from 194.72.238.4, which is
> >ns0.netcraft.co.uk.
> 
> CDF's came at 2231.  It's the only recorded suspicious zone transfer in 
> our logs since Jul 2. 

As for the CS Lab, they asked us *twice* about a whole bunch of domains.
From bay.cs:

Aug 19 22:29:46 "botany.toronto.edu"
Aug 19 22:29:50 "botany.toronto.edu"
Aug 19 22:33:52 "dgp.toronto.edu"
Aug 19 22:41:15 "geology.toronto.edu"
Aug 19 22:41:17 "geology.toronto.edu"
Aug 19 22:44:23 "in.toronto.edu"
Aug 19 22:44:24 "in.toronto.edu"
Aug 19 22:46:53 "law.toronto.edu"
Aug 19 22:46:54 "law.toronto.edu"
Aug 19 22:49:14 "mgmt.toronto.edu"
Aug 19 22:49:19 "mgmt.toronto.edu"
Aug 19 22:50:57 "mms.toronto.edu"
Aug 19 22:51:00 "mms.toronto.edu"
Aug 19 22:55:06 "oise.toronto.edu"
Aug 19 22:55:09 "oise.toronto.edu"
Aug 19 22:57:01 "osm.toronto.edu"
Aug 19 22:57:04 "osm.toronto.edu"
Aug 19 22:58:47 "phm.toronto.edu"
Aug 19 22:58:50 "phm.toronto.edu"
Aug 19 22:59:10 "physics.toronto.edu"
Aug 19 23:01:28 "playfair.toronto.edu"
Aug 19 23:01:30 "playfair.toronto.edu"
Aug 19 23:06:39 "utlink.toronto.edu"
Aug 19 23:06:41 "utlink.toronto.edu"
Aug 19 23:08:14 "utpdoc.toronto.edu"
Aug 19 23:08:16 "utpdoc.toronto.edu"
Aug 19 23:09:45 "utpress.toronto.edu"
Aug 19 23:09:46 "utpress.toronto.edu"
Aug 19 23:14:56 "botany.toronto.edu"
Aug 19 23:14:58 "botany.toronto.edu"
Aug 19 23:37:46 "geology.toronto.edu"
Aug 19 23:37:48 "geology.toronto.edu"
Aug 19 23:39:32 "in.toronto.edu"
Aug 19 23:39:33 "in.toronto.edu"
Aug 20 00:10:01 "itdc.toronto.edu"
Aug 20 00:10:02 "itdc.toronto.edu"
Aug 20 00:11:27 "law.toronto.edu"
Aug 20 00:11:28 "law.toronto.edu"
Aug 20 00:13:21 "mgmt.toronto.edu"
Aug 20 00:13:22 "mgmt.toronto.edu"
Aug 20 00:15:06 "mms.toronto.edu"
Aug 20 00:15:07 "mms.toronto.edu"
Aug 20 00:18:10 "oise.toronto.edu"
Aug 20 00:18:11 "oise.toronto.edu"
Aug 20 00:19:46 "osm.toronto.edu"
Aug 20 00:19:48 "osm.toronto.edu"
Aug 20 00:21:25 "phm.toronto.edu"
Aug 20 00:21:26 "phm.toronto.edu"
Aug 20 00:22:56 "playfair.toronto.edu"
Aug 20 00:22:57 "playfair.toronto.edu"
Aug 20 00:24:42 "utlink.toronto.edu"
Aug 20 00:24:44 "utlink.toronto.edu"
Aug 20 00:26:13 "utpdoc.toronto.edu"
Aug 20 00:26:14 "utpdoc.toronto.edu"
Aug 20 00:27:50 "utpress.toronto.edu"
Aug 20 00:27:51 "utpress.toronto.edu"

From relay.cs, there were only two:

Aug 19 22:27:27 "ai.toronto.edu"
Aug 19 22:33:18 "cs.toronto.edu"

I have no data on db.toronto.edu, which runs a separate name server, which
doesn't appear to do logging of zone transfers.

--                          People shouldn't think that it's better to have
Dan Astoorian               loved and lost than never loved at all.  It's
Sysadmin, CS Lab            not, it's better to have loved and won.  All
[log in to unmask]        the other options really suck.    --Dan Redican
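
Added example, not part of the original message: a Python script that groups log lines in the excerpt format quoted above into passes over the zones, which is one way to check an "asked us twice" pattern in a name server's transfer log. The sample is a subset of the lines in the message; the 10-second duplicate window, the placeholder year and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Subset of the lines quoted in the message above: 'Mon DD HH:MM:SS "zone"'.
SAMPLE = '''\
Aug 19 22:29:46 "botany.toronto.edu"
Aug 19 22:29:50 "botany.toronto.edu"
Aug 19 22:33:52 "dgp.toronto.edu"
Aug 19 22:41:15 "geology.toronto.edu"
Aug 19 22:41:17 "geology.toronto.edu"
Aug 19 23:14:56 "botany.toronto.edu"
Aug 19 23:14:58 "botany.toronto.edu"
Aug 19 23:37:46 "geology.toronto.edu"
Aug 19 23:37:48 "geology.toronto.edu"
Aug 20 00:10:01 "itdc.toronto.edu"
'''
LINE = re.compile(r'^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "([^"]+)"$')

def parse(text, year=2000):
    """Yield (timestamp, zone); the log has no year, so `year` is a placeholder."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines in any other format are skipped
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2).lower()

def sweeps(events, dup_window=timedelta(seconds=10)):
    """Split events into passes. A zone repeated within dup_window is the same
    request burst; a zone seen again after a longer gap starts a new pass."""
    passes, seen = [], {}
    for ts, zone in sorted(events):
        if zone in seen and ts - seen[zone] <= dup_window:
            seen[zone] = ts
            passes[-1][zone] += 1      # count the duplicate log line
            continue
        if zone in seen:               # same zone after a gap: new pass begins
            seen = {}
        if not seen:
            passes.append({})
        seen[zone] = ts
        passes[-1][zone] = 1
    return passes

def zones_in_every_pass(passes):
    """Zones that were requested in each pass, sorted by name."""
    return sorted(set.intersection(*(set(p) for p in passes))) if passes else []

if __name__ == "__main__":
    for i, p in enumerate(sweeps(parse(SAMPLE)), 1):
        print(f"pass {i}: {p}")
```

Feeding it the full transfer log instead of SAMPLE gives one dictionary per pass, with the number of log lines seen for each zone.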