what is this weird unapproved update ? hack attempt or stupid w2k? please help...

Amir sorvih1 at isdn.net.il
Fri Jul 14 01:11:18 UTC 2000


yup.. thanks.. so now i have to see why is it sending all these annoying
packets...
thanks  ,
		amir


-----Original Message-----
From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
Sent: Friday, July 14, 2000 12:16 AM
To: bind-users at isc.org
Subject: Re: what is this weird unapproved update ? hack attempt or stupid
w2k? please help...



It's almost certainly a W2K box -- the 5/10/60 minute timing is
characteristically W2Kish. Whether it's an internal or an external W2K box,
is not 100% certain, but circumstantial evidence would probably point at
your
internal box. If your Linux box were correctly configured, it would reject
any 10.0.0.x source-addressed packets on its external interface, wouldn't
it?


- Kevin

Amir wrote:

> Hey all , i've been getting these weird update requests on my bind 8.2.2
> running
> under rh6.2 ... my linux is a multihomed (10.0.0.x is MASQ'ed through my
> linux)
> now my 10.0.0.1 is a windows 2000 advanced server , and 10.0.0.2 is the
> linux MASQer with bind
> serving all the local hosts... can this be a spoofed update request coming
> from the internet ?
> kyrandia is my local domain btw.. just something i wrote off the top of my
> mind.. it's not
> registered anywhere...
> thanks..
> Amir
>
> Jul 13 21:53:35 server named[592]: unapproved update from [10.0.0.1].4632
> for kyrandia
> Jul 13 21:53:35 server named[592]: unapproved update from [10.0.0.1].4637
> for 0.0.10.in-addr.arpa
> Jul 13 22:53:35 server named[592]: unapproved update from [10.0.0.1].4645
> for kyrandia
> Jul 13 22:53:35 server named[592]: unapproved update from [10.0.0.1].4650
> for 0.0.10.in-addr.arpa
> Jul 13 22:58:35 server named[592]: unapproved update from [10.0.0.1].4657
> for kyrandia
> Jul 13 22:58:35 server named[592]: unapproved update from [10.0.0.1].4662
> for 0.0.10.in-addr.arpa
> Jul 13 23:08:35 server named[592]: unapproved update from [10.0.0.1].4668
> for kyrandia
> Jul 13 23:08:35 server named[592]: unapproved update from [10.0.0.1].4673
> for 0.0.10.in-addr.arpa
> Jul 14 00:08:35 server named[592]: unapproved update from [10.0.0.1].4679
> for kyrandia
> Jul 14 00:08:35 server named[592]: unapproved update from [10.0.0.1].4684
> for 0.0.10.in-addr.arpa
> Jul 14 00:13:35 server named[592]: unapproved update from [10.0.0.1].4690
> for kyrandia
> Jul 14 00:13:35 server named[592]: unapproved update from [10.0.0.1].4695
> for 0.0.10.in-addr.arpa
> Jul 14 00:23:35 server named[592]: unapproved update from [10.0.0.1].4705
> for kyrandia
> Jul 14 00:23:35 server named[592]: unapproved update from [10.0.0.1].4710
> for 0.0.10.in-addr.arpa








More information about the bind-users mailing list