Why does everyone think *I'm* a nameserver?

Pete Ehlke pde at ehlke.net
Sat Mar 23 14:58:19 UTC 2002


On Fri, Mar 22, 2002 at 06:27:19PM -0800, Gregory J Smith wrote:
> 
> I've set up Bind 8.1 on my Redhat server purely for a local name cache
> for my local area network (with Win98 and Win2000 PCs).  The Redhat
> server is connected to the internet.
> 
You are running a version of BIND with known security flaws that allow
unauthorized remote users to compromise your machine. Upgrade immediately.

> I've noticed that at times I get a flood of external sites trying to
> access the server port 53.  This is blocked and logged so nothing is
> getting through.  I've disabled the "register with DNS" option on the
> Win 2000 box.

All depends on the pattern of traffic. It may simply be the normal,
everyday background noise of portscanning activity on the internet. It
may be the case that at some time in the past, there was a name server
registered with the address your machine now has. Someone may have
actually added an NS record to some other domain using your machine's
address- and this may be either a typo or deliberate. You might be the
victim of a DNS Smurf attack. You may be being used as part of the
attack described at http://www.securiteam.com/exploits/5YP0E1F0KU.html

-Pete
-- 
"religious fanatics are not part of my desired user base." 
- djb at cr.yp.to

