Attacks?

Barry Margolin barmar at bbnplanet.com
Wed Nov 10 14:55:39 UTC 1999


In article <Pine.LNX.3.96.991110084535.18476B-100000 at haiphong.hacom.net>,
Bao C. Ha <bao at hacom.net> wrote:
>
>I have been contacted by another sysadmin about attacks from my name
>servers.  He sent me a log showing that about 10,000 lines of the
>following happening in 4 hours:
>
>....
>"11/9/99,"      10:00:02        ", 216.104.140.6"       ", 209.70.52.2" ",
>Udp" ", 2036" ", 53"  ", -"   ", 0"   ", 209.70.52.3" ", -"   ",-,"
>....
>
>I am using bind 8.1.2.
>
>Is my name server compromised?

Without seeing the contents of the DNS packets, it's impossible to tell.
It could just be a runaway program in a loop trying to look something up.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
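
A log like the one quoted records only addresses and ports, so the most it can yield is a per-flow summary (volume, rate, source ports) to go alongside a packet capture. The following is an added example, not part of the original post; the column order is an assumption, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed column order (the post does not label the fields):
# date, time, source IP, destination IP, protocol, source port, destination port
TOKEN = re.compile(r'[^\s",]+')

# First entry is the line quoted in the post (wrap re-joined); the rest are constructed.
SAMPLE = [
    '"11/9/99,"      10:00:02        ", 216.104.140.6"       ", 209.70.52.2" ", '
    'Udp" ", 2036" ", 53"  ", -"   ", 0"   ", 209.70.52.3" ", -"   ",-,"',
    '"11/9/99," 10:00:03 ", 216.104.140.6" ", 209.70.52.2" ", Udp" ", 2036" ", 53" ", -"',
    '"11/9/99," 10:00:05 ", 216.104.140.6" ", 209.70.52.2" ", Udp" ", 2036" ", 53" ", -"',
    '"11/9/99," 10:00:09 ", 192.0.2.10" ", 209.70.52.2" ", Udp" ", 1055" ", 53" ", -"',
    '....',
]

def parse_line(line):
    """Return (timestamp, src, dst, proto, sport, dport), or None if the line does not fit."""
    tok = TOKEN.findall(line.lstrip('>'))
    if len(tok) < 7:
        return None
    try:
        ts = datetime.strptime(tok[0] + ' ' + tok[1], '%m/%d/%y %H:%M:%S')
        return ts, tok[2], tok[3], tok[4].lower(), int(tok[5]), int(tok[6])
    except ValueError:
        return None

def summarize(lines):
    """Group entries by (src, dst, proto, dport): count, time span, rate, source ports."""
    flows = defaultdict(lambda: {'count': 0, 'first': None, 'last': None, 'sports': set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # separators and malformed lines are skipped, not guessed at
        ts, src, dst, proto, sport, dport = rec
        f = flows[(src, dst, proto, dport)]
        f['count'] += 1
        f['first'] = ts if f['first'] is None else min(f['first'], ts)
        f['last'] = ts if f['last'] is None else max(f['last'], ts)
        f['sports'].add(sport)
    for f in flows.values():
        span = (f['last'] - f['first']).total_seconds()
        f['per_second'] = f['count'] / span if span else None  # None: single timestamp
    return dict(flows)

if __name__ == '__main__':
    for key, f in summarize(SAMPLE).items():
        print(key, f['count'], f['per_second'], sorted(f['sports']))
```

The summary says who is talking to whom and how often; what is being asked still has to come from the DNS packets themselves.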


More information about the bind-users mailing list