Unexpected connection (TCP 53)
m.saitoh at lac.co.jp
m.saitoh at lac.co.jp
Sun Oct 29 09:33:58 UTC 2000
Hi users:
Bind 8.2.2-p5 is working on Solaris 2.6 which is userd as
DNS/WWW server.
Now I found a strange phenomenon and want to make sure
whether it causes from Bind 8.2.2-p5. or not.
The phenomenon is that IDS detected a packet tried to
connect from my server to Unknown Name server, directly.
src host : My Server ( DNS, WWW )
src port : High port
dst host : ne3.europe.yahoo.com <-- "Unknown" server !
dst port : 53 (tcp)
I don't remember that I wrote "ne3...com" in my configuration.
No such IP addr. (of ne3....com) were found in the
named.conf, /etc/named/*. or /etc/resolv.conf
I tryed to find which process executed this connection using
command like netstat, but I couldn't find it out.
(because connection had already closed)
I haven't seen this phenomenon more than once, but
I'm afraid something wrong happened on my server ....
* Anyone have seen such a phenomenon ?
-------------------------------------
LAC Co., LTD.
Matsuhiko Sroupaito
More information about the bind-users
mailing list