Lame server

[Jim Reid]

>>>>> "numpty" == numpty  <sa2500 at eclipse.co.uk> writes:

    numpty> I have seen these errors occasionaly in my logs but on
    numpty> advice from several sources ignored them.  However
    numpty> yesterday I was scanning through my firewall, snort and
    numpty> message logs and saw a failed attempt to log in via ftp
    numpty> with user root followed by a few seconds later 4 lame
    numpty> server errors from the same same IP as the attempted root
    numpty> login. The same IP had also port scanned me a few minutes
    numpty> previously.  So is there a BIND exploit that would
    numpty> generate these errors in the logs?

No. Lame delegation reports are caused by other people's incorrectly
configured name servers. Those servers are supposed to be
authoritative for some zone but aren't. This happens all the time: the
amount of DNS clue in the world appears to be finite. Port scanning or
probing for security weaknesses have nothing to do with lame
delegations. All you can infer from what you've seen is that the
script kiddie who has been poking about your network doesn't have
their DNS set up correctly. This should not be a surprise.