Security Incidents mailing list archives
Re: unapproved AXFR
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Tue, 25 Jan 2000 17:14:42 +1300
On Mon, 24 Jan 2000 10:56:41 +0200 "C." <claudiu.ionescu () SCALAJWT RO> wrote:
What is this? This is from my logs: Jan 22 16:48:53 main named[102]: unapproved AXFR from [210.179.238.50].4721 for "here.my.domain" (acl)
I thinks that this is a request for a zone transfer which your dns refused. i.e some one might have tried: nslookup
server <you dns> ls here.my.domain
Many scanning scripts have this built in so they only scan addresses with dns entries, if this fails they some times fall back on going through the PTR records but why they bother I can't imagine -- I would have thought that it was as quicker to send a ping (ICMP or TCP). Reply to your other question, yes that looks like someone looking for hosts running telnet. Cheers, Russell.
Current thread:
- Re: Socks port 1080, (continued)
- Re: Socks port 1080 Russell Fulton (Jan 20)
- I was scaned C. (Jan 20)
- Re: I was scaned Robert Graham (Jan 22)
- Re: I was scaned Jose Nazario (Jan 23)
- Re: I was scaned Gene Harris (Jan 23)
- Re: I was scaned Keith Owens (Jan 24)
- Got scaned again C. (Jan 24)
- ? C. (Jan 24)
- Re: ? Mike Tancsa (Jan 24)
- Re: ? Brock Sides (Jan 24)
- Re: unapproved AXFR Russell Fulton (Jan 24)
- No Idea CN (Jan 25)
- PC Anywhere client seems to probe class C of connected networks Troy Ablan (Jan 25)
- Re: PC Anywhere client seems to probe class C of connected networks Steve Ellermann (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Paul L Schmehl (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Jose Nazario (Jan 26)
- Anti-Death Penalty Robert Graham (Jan 26)
- Re: Anti-Death Penalty Derek Moeller (Jan 28)
- Re: Anti-Death Penalty Robert Graham (Jan 28)
- BOGUS.IvCD File Jonathan A. Zdziarski (Jan 26)
- Re: BOGUS.IvCD File Vanja Hrustic (Jan 27)