Abuse از طرف هتزنر ؟!!

[x11416]

از طرف هتزنر ایمیل برام ارسال شده . متن ایمیل هم اینه .

قضیه چیه و Abuse برای چی هست و مشکل از چیست ؟


Dear Mr ,

We have received a security alert from the Federal Office for Information Security (BSI).

This is an information email only and does not require any further action on your part. It is your choice whether or not to investigate the complaint.
We do not expect any response.

Important information:
When replying to us, please leave the Abuse ID [AbuseID:2129C9:1D] in the subject line unchanged.


Kind regards,

Hetzner Abuse Team

Abuse Message 2129C91D.txt
[CERT-Bund#2015111628002467]

Dear Sir or Madam,

The AXFR (Asynchronous Full Transfer Zone, or zone transfer) is used to
synchronize the DNS entries for a domain between authoritative name
servers. An AXFR query is usually only approved if it is from the
respective secondary DNS server to the primary DNS server. If there is a
mistake in the configuration of the DNS server, an AXFR query can
nevertheless still be made from any arbitrary IP address.

Attackers take advantage of this problem to obtain information from
systems that are connected to that domain. Then, from this information,
they identify other potential places where they could attack.

For further information, please see:
[You need an English-language link here; maybe try:
https://www.us-cert.gov/ncas/alerts/TA15-103A or
http://news.softpedia.com/news/Misco...k-478331.shtml]

CERT-Bund (the CERT for the German Federal Office for Information
Security) has obtained a list of domain names whose authoritative DNS
servers are hosted in Germany and which permit an AXFR queries from any
random IP address.

Below are a list of affected domain names and the relevant DNS servers
in your network area. We request that you review the situation and take
necessary measures, such as informing your customers about this security
issue.

This email has been digitally signed using PGP. For information on the
key used for this signature, please see:
<https://www.cert-bund.de/reports-sig>

Please note: This is an automated response. Do not attempt to respond to
this email by sending a response to the above sender. Please send any
questions to certbund@bsi.bund.de.


Below is a list of affected domain names/DNS servers in your network
area. The format for that list is: