***paste notice from my dedicated server host who also host DNS services***

The reason why that happened is that we have been getting UPDATE traffic
from 72.57.186.22 for that domain. It got flagged since we do not provide
update protocol handler for dynamic off-site dns editing.

Anyway. This guy does not seem to like you:

Mar 7 10:58:13 auth1 named[13081]: client 72.57.186.22#1573: update
'rastus.net/IN' denied

CPE00045ad11cfc-CM00e06f1f90ee.cpe.net.cable.rogers.com is the name
resolution.

***end paste***

It appears to be a person in Toronto Canada, and I am not on top of DNS, but
from what I can peice together some person assumed the DNS servers were open
to some automated updating and tried to push through a change - does this
sound close? I would imagine they were trying to point it to another IP
address to grab traffic and or serve a defaced site but could there be
something more sinister behind it?

The odd thing is that rastus.net has only been registered for a couple weeks
and has a placeholder page so isn't exactly a worthwhile target for
hijacking.

"Rastus" <fubar-removeme@uq.net.au> wrote:

Here is everything I know for sure. I have one email killfilter for a
guy who was shipping me viri several times a day. The origin shown in
the headers for these viri was:

cpe.net.cable.rogers.com

Beyond that I are clueless.

--
http://www.ren-prod-inc.com/hug_soft...action=contact