Possible System Compromise
Mark.Andrews at nominum.com
Wed Feb 7 21:32:30 UTC 2001
> My thanks to those who responded and explained what is
> most likely happening. I remember reading something to the
> effect that modern bind used unprivileged port numbers, but I wasn't
> sure why anybody would complain. If they are set up to play by
> the rules of bind-4, then I am sure these high-numbered ports
> look like terrorism, for sure in the firewall log.
>
> Martin McCormick
>
The problem was that you were querying that server and they
weren't expecting you to. The IP address was being rejected,
not the port.
Feb 7 00:34:54 athena named[2658]: denied query from [ouraddress].42061 for "anothersystem"
Now you need to work out why your server queried their server.
The usual cause is a bad delegation. However it could also
be someone running dig/nslookup on your machine.
Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com