Quote:
Originally Posted by dijetlo
It looks to me more like they've tried to exfiltrate your private DNS zones
|
I think that's what I meant when I wrote 'hijack' - or do I misunderstand?
Quote:
Originally Posted by dijetlo
I'd check the logs to see if any zone transfers did occur during exposure and if so, to whom.
|
I see nothing but failures, but they've tried hundreds of times, apparently from different IPs. I checked out a few of them; 1 was from the University of Aachen, which, I hope, they've either spoofed or hijacked.