Possible System Compromise

Martin McCormick martin at dc.cis.okstate.edu
Wed Feb 7 14:37:15 UTC 2001


We have gotten two complaints regarding traffic from a name
server in our domain sending queries on port 42061.

	Does this have anything to do with bind or is it possibly
some other service on the system that has been compromised?

	I have replaced our server address with the words
ouraddress and the victim system with the name "anothersystem".
The log entry we were sent looked like:

Feb  7 00:34:54 athena named[2658]: denied query from [ouraddress].42061 for "anothersystem"

	Port 42061 doesn't ring any bells, but maybe someone may
recognize what it is.

Martin McCormick 405 744-7572   Stillwater, OK
OSU Center for Computing and Information services Data Communications Group


More information about the bind-users mailing list