More Syslog interpretation

Jim Munro jim at ozbizweb.com.au
Thu Jan 6 15:09:01 UTC 2000 

Could somebody shed some light on this please? Is it some sort of attack?
The 254 address is the ip of the ethernet side of the router. Named was
restarted just prior or after this time because it seemed to be not
responding

Jan  6 23:58:21 ns2 named[810]: Lame server on '254.36.239.209.in-addr.arpa'
(in '36.239.209.IN-ADDR.ARPA'?): [209.239.47.252].53 'NS.ALABANZA.COM'
Jan  6 23:58:24 ns2 named[810]: bad referral (ARPA !<
47.239.209.IN-ADDR.ARPA)
Jan  6 23:58:24 ns2 last message repeated 17 times
Jan  6 23:58:45 ns2 named[810]: refused query on non-query socket from
[203.41.236.254].5459
Jan  6 23:58:51 ns2 last message repeated 2 times
Jan  7 00:00:31 ns2 named[810]: refused query on non-query socket from
[203.41.236.254].9190
Jan  7 00:00:37 ns2 last message repeated 2 times
Jan  7 00:03:50 ns2 named[810]: Lame server on '130.145.96.210.in-addr.arpa'
(in '145.96.210.IN-ADDR.ARPA'?): [164.124.101.31].53 'nis.dacom.co.kr'
Jan  7 00:05:23 ns2 named[810]: Lame server on '133.193.54.192.in-addr.arpa'
(in '193.54.192.IN-ADDR.ARPA'?): [192.93.0.4].53 'NS2.NIC.FR'
Jan  7 00:07:55 ns2 named[810]: ns_forw: query(150.37.250.128.in-addr.arpa)
NS points to CNAME (MUWAYA.ITS.UNIMELB.EDU.AU:)
Jan  7 00:27:24 ns2 named[810]: Lame server on '3.1.101.149.in-addr.arpa'
(in '101.149.IN-ADDR.ARPA'?): [38.8.93.2].53 'SEC2.DNS.PSI.NET'
Jan  7 00:27:25 ns2 named[810]: Lame server on '3.1.101.149.in-addr.arpa'
(in '101.149.IN-ADDR.ARPA'?): [38.8.92.2].53 'SEC1.DNS.PSI.NET'
Jan  7 00:40:50 ns2 named[810]: Lame server on '2.110.13.12.in-addr.arpa'
(in '110.13.12.IN-ADDR.ARPA'?): [12.127.16.70].53
'dmtu.mt.ns.els-gms.att.net'
Jan  7 00:40:50 ns2 named[810]: Lame server on '2.110.13.12.in-addr.arpa'
(in '110.13.12.IN-ADDR.ARPA'?): [199.191.128.106].53
'dbru.br.ns.els-gms.att.net'
Jan  7 00:50:42 ns2 named[810]: Lame server on '5.184.253.204.in-addr.arpa'
(in '184.253.204.IN-ADDR.ARPA'?): [137.39.1.3].53 'NS.uu.net'
Jan  7 00:53:49 ns2 named[810]: Cleaned cache of 11 RRs
Jan  7 00:53:49 ns2 named[810]: USAGE 947166829 947163229 CPU=0.47u/0.22s
CHILDCPU=0u/0s
Jan  7 00:53:49 ns2 named[810]: NSTATS 947166829
947163229A=89SOA=12PTR=346ANY=1
Jan  7 00:53:49 ns2 named[810]: XSTATS 947166829 947163229 RR=612 RNXD=7
RFwdR=324 RDupR=2 RFail=4 RFErr=0 RErr=0 RAXFR=0 RLame=8 ROpts=0 SSysQ=224
SAns=207 SFwdQ=245 SDupQ=72 SErr=0 RQ=466 RIQ=0 RFwdQ=0 RDupQ=4 RTCP=18
SFwdR=324 SFail=0 SFErr=0 SNaAns=8 SNXD=10

More information about the bind-users mailing list