R: DNS unapproved AXFR

[Andrea Vettori <av () TSERVICETLC NET>]

Hi all,

thank you for the aswers...

I've one more question:

How can these AXFR be caused by misconfigured name servers ?

For what I know about DNS the zone one system is authoritative for must be
coded in the named.conf file.

Thanks

--
Ing. Andrea Vettori
Inetronics
An Internet Centric Company


> -----Messaggio originale-----
> Da: Andrea Vettori [mailto:av () TSERVICETLC NET]
> Inviato: lunedì 21 agosto 2000 9.37
> A: INCIDENTS () SECURITYFOCUS COM
> Oggetto: DNS unapproved AXFR
>
>
> Hi,
>
> today I've noticed these lines in the logs (the ns allows 
> transfer only
> between the master and the slaves) :
>
> Aug 19 16:55:31 ns named[9119]: unapproved AXFR from 
> [140.233.20.99].1423
> for "euromacchine.it" (acl)
> Aug 19 16:56:30 ns named[9119]: unapproved AXFR from 
> [140.233.20.99].1503
> for "euromacchine.it" (acl)
> Aug 19 23:32:04 ns named[9119]: unapproved AXFR from 
> [203.75.204.245].1580
> for "simatengineering.it" (acl)
> Aug 19 23:59:57 ns named[9119]: unapproved AXFR from 
> [140.233.20.99].1460
> for "plas.it" (acl)
> Aug 20 00:51:10 ns named[9119]: unapproved AXFR from 
> [140.233.20.99].4574
> for "niceforyou.it" (acl)
>
> Can these prelude an attack on our primary DNS server ?
>
> And why the AXFR on that domains and not on the other (.it, 
> .com and .net)
> the server contains ?
>
> P.S.
>
> We receive one scan a day on the usual ports (IMAP, POP2, 
> > 1024, ecc.).
> Today someone has scan our servers for port 98 which iana 
> port numbers says
> it is bind to tacnews (that i don't know what is it).
>
>
> Thank you
>
> --
> Ing. Andrea Vettori
> Inetronics
> An Internet Centric Company