Security Incidents mailing list archives
weird DNS logs
From: K 0 <koml () strato net>
Date: Thu, 14 Dec 2000 14:22:32 -0500
anyone seen the following before ...? i suspect is some kind of DoS but i have never seen it before. if anyone has seen it can you tell me what it is and is there anyway i can prevent this. Its killing the syslog daemone and the named daemon every few hours. Dec 14 14:20:14 orange named[23402]: bad referral (ULS3\\.FOUR11\\.COM !< net) Dec 14 14:20:14 orange last message repeated 11 times Dec 14 14:20:14 orange named[23402]: unrelated additional info 'A.ROOT-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'E.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'F.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'J.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'K.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'A.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'M.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'G.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'C.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'I.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'B.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange named[23402]: unrelated additional info 'D.GTLD-SERVERS.net' type A from [192.203.230.10].53 Dec 14 14:20:14 orange sshd[23446]: log: Password authentication for sysadm accepted. Dec 14 14:20:14 orange named[23402]: bad referral (ULS3\\.FOUR11\\.COM !< NET) Dec 14 14:20:14 orange last message repeated 11 times
Current thread:
- possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) marc (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) claymore (Dec 15)
- weird DNS logs K 0 (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)