Attacks?
Barry Margolin
barmar at bbnplanet.com
Wed Nov 10 14:55:39 UTC 1999
In article <Pine.LNX.3.96.991110084535.18476B-100000 at haiphong.hacom.net>,
Bao C. Ha <bao at hacom.net> wrote:
>
>I have been contacted by another sysadmin about attacks from my name
>servers. He sent me a log showing that about 10,000 lines of the
>following happening 4 hours:
>
>....
>"11/9/99," 10:00:02 ", 216.104.140.6" ", 209.70.52.2" ",
>Udp" ", 2036" ", 53" ", -" ", 0" ", 209.70.52.3" ", -" ",-,"
>....
>
>I am using bind 8.1.2.
>
>Is my name server compromised?
Without seeing the contents of the DNS packets, it's impossible to tell.
It could just be a runaway program in a loop trying to look something up.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list