Unexpected connetcion(TCP 53)
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Sun Oct 29 21:56:38 UTC 2000
This has been asked and answered twice by two different people.
Why do you ask it a third time?
Mark
>
> Hi users:
>
> Bind 8.2.2-p5 is working on Solaris 2.6 which is userd as
> DNS/WWW server.
>
> Now I found a strange phenomenon and want to make sure
> whether it causes from Bind 8.2.2-p5. or not.
>
> The phenomenon is that IDS detected a packet tried to
> connect from my server to Unknown Name server, directly.
>
> src host : My Server ( DNS, WWW )
> src port : High port
> dst host : ne3.europe.yahoo.com <-- "Unknown" server !
> dst port : 53 (tcp)
>
> I don't remember that I wrote "ne3...com" in my configuration.
> No such IP addr. (ne3....com) were found in the
> named.conf, /etc/named/*. or /etc/resolv.conf
>
> I tryed to find which process executed this connection using
> command like netstat, but I couldn't find it out.
>
> I haven't seen this phenomenon more than once, but
> I'm afraid something wrong happened on my server ....
>
> * Anyone have seen such a phenomenon ?
> -------------------------------------
> LAC Co., LTD.
> Matsuhiko Sroupaito
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list