what is this weird unapproved update ? hack attempt or stupid w2k? please help...

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Fri Jul 14 01:30:14 UTC 2000


> 
> yup.. thanks.. so now i have to see why is it sending all these annoying
> packets...
> thanks  ,
> 		amir

	Because you haven't told them not to.  The archives contain
	directions on how to turn this off as does, I'm sure, the MS
	Knowledge Base.

	Mark
> 
> 
> -----Original Message-----
> From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
> Sent: Friday, July 14, 2000 12:16 AM
> To: bind-users at isc.org
> Subject: Re: what is this weird unapproved update ? hack attempt or stupid
> w2k? please help...
> 
> 
> 
> It's almost certainly a W2K box -- the 5/10/60 minute timing is
> characteristically W2Kish. Whether it's an internal or an external W2K box,
> is not 100% certain, but circumstantial evidence would probably point at
> your internal box. If your Linux box were correctly configured, it would
> reject any 10.0.0.x source-addressed packets on its external interface,
> wouldn't it?
> 
> 
> - Kevin
> 
> Amir wrote:
> 
> > Hey all, i've been getting these weird update requests on my bind 8.2.2
> > running under rh6.2 ... my linux is a multihomed (10.0.0.x is MASQ'ed
> > through my linux) now my 10.0.0.1 is a windows 2000 advanced server, and
> > 10.0.0.2 is the linux MASQer with bind serving all the local hosts... can
> > this be a spoofed update request coming from the internet ?
> > kyrandia is my local domain btw.. just something i wrote off the top of my
> > mind.. it's not registered anywhere...
> > thanks..
> > Amir
> >
> > Jul 13 21:53:35 server named[592]: unapproved update from [10.0.0.1].4632 for kyrandia
> > Jul 13 21:53:35 server named[592]: unapproved update from [10.0.0.1].4637 for 0.0.10.in-addr.arpa
> > Jul 13 22:53:35 server named[592]: unapproved update from [10.0.0.1].4645 for kyrandia
> > Jul 13 22:53:35 server named[592]: unapproved update from [10.0.0.1].4650 for 0.0.10.in-addr.arpa
> > Jul 13 22:58:35 server named[592]: unapproved update from [10.0.0.1].4657 for kyrandia
> > Jul 13 22:58:35 server named[592]: unapproved update from [10.0.0.1].4662 for 0.0.10.in-addr.arpa
> > Jul 13 23:08:35 server named[592]: unapproved update from [10.0.0.1].4668 for kyrandia
> > Jul 13 23:08:35 server named[592]: unapproved update from [10.0.0.1].4673 for 0.0.10.in-addr.arpa
> > Jul 14 00:08:35 server named[592]: unapproved update from [10.0.0.1].4679 for kyrandia
> > Jul 14 00:08:35 server named[592]: unapproved update from [10.0.0.1].4684 for 0.0.10.in-addr.arpa
> > Jul 14 00:13:35 server named[592]: unapproved update from [10.0.0.1].4690 for kyrandia
> > Jul 14 00:13:35 server named[592]: unapproved update from [10.0.0.1].4695 for 0.0.10.in-addr.arpa
> > Jul 14 00:23:35 server named[592]: unapproved update from [10.0.0.1].4705 for kyrandia
> > Jul 14 00:23:35 server named[592]: unapproved update from [10.0.0.1].4710 for 0.0.10.in-addr.arpa
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
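
The timing check Kevin describes, as an added example that is not part of the original thread: it groups named's "unapproved update" lines by source and zone, measures the gaps between attempts, and reports whether they all fall on the 5/10/60 minute pattern and whether the source is a private address. The function names, the year default and the `min_events` threshold are assumptions made for this sketch; the sample lines are the kyrandia entries from the quoted log.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# kyrandia entries from the quoted post, with the mail line-wrapping undone.
SAMPLE_LOG = """\
Jul 13 21:53:35 server named[592]: unapproved update from [10.0.0.1].4632 for kyrandia
Jul 13 22:53:35 server named[592]: unapproved update from [10.0.0.1].4645 for kyrandia
Jul 13 22:58:35 server named[592]: unapproved update from [10.0.0.1].4657 for kyrandia
Jul 13 23:08:35 server named[592]: unapproved update from [10.0.0.1].4668 for kyrandia
Jul 14 00:08:35 server named[592]: unapproved update from [10.0.0.1].4679 for kyrandia
Jul 14 00:13:35 server named[592]: unapproved update from [10.0.0.1].4690 for kyrandia
Jul 14 00:23:35 server named[592]: unapproved update from [10.0.0.1].4705 for kyrandia
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"unapproved update from \[([\d.]+)\]\.\d+ for (\S+)$")

RETRY_MINUTES = {5, 10, 60}  # the "5/10/60 minute timing" named in the thread

def parse(log, year=2000):
    """Map (source_ip, zone) -> timestamps. Syslog omits the year, so it is
    passed in (assumption: 2000, the year of the post)."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not "unapproved update" entries are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[(m.group(2), m.group(3))].append(ts)
    return events

def intervals_minutes(stamps):
    """Gaps between consecutive attempts, rounded to whole minutes."""
    stamps = sorted(stamps)
    return [round((b - a).total_seconds() / 60) for a, b in zip(stamps, stamps[1:])]

def looks_periodic(stamps, min_events=4):
    """True when there are enough attempts and every gap is 5, 10 or 60 minutes."""
    gaps = intervals_minutes(stamps)
    return len(stamps) >= min_events and all(g in RETRY_MINUTES for g in gaps)

def report(log):
    """(source, zone) -> (gaps in minutes, periodic?, source is a private address?)."""
    return {key: (intervals_minutes(ts), looks_periodic(ts),
                  ipaddress.ip_address(key[0]).is_private)
            for key, ts in parse(log).items()}
```

A private source address together with a clean 60/5/10 cycle supports the reading given in the thread; the check says nothing about which interface the packets arrived on, which is the separate filtering question Kevin raises.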


