Curious log entries
Jim Reid
jim at mpn.cp.philips.com
Thu Aug 26 09:34:02 UTC 1999
>>>>> "Kelsey" == Kelsey Cummings <kc at neteze.com> writes:
Kelsey> I recent noticed these entries (there are more) in my
Kelsey> syslogs. I curious if this could be the a DOS attack or
Kelsey> just someone poking around. Should I be concerned?
Kelsey> Aug 25 11:58:56 athena named[80321]: unapproved update from [209.204.145.52].4593 for 145.204.209.in-addr.arpa
Kelsey> Aug 25 12:08:58 athena named[80321]: unapproved update from [209.204.145.52].4644 for 145.204.209.in-addr.arpa
The host with IP address 209.204.145.52 is sending dynamic DNS update
requests to your name server. This is probably running a beta version
of W2K, but you should check this out. You probably don't want to
allow dynamic DNS so anything that generates these requests needs to
be checked. It could be a naive user playing with W2K. OTOH it could
be someone trying to compromise your name server (or testing how awake
you are to security alerts).
More information about the bind-users
mailing list