BIND unapproved updates

Thomas Kellar tkellar at fsp.fsp.com
Tue Feb 13 14:53:16 UTC 2001



Can anyone give any helpful answers:

I have been receiving unapproved updates from an IP on concentric.net, now
xo.com and have been unable to get them to stop.  I have emailed
abuse at xo.com, (3X) abuse at concentric.net, postmaster at speerfulvio.com and my
ISP has done the same. They (xo) list a telephone number to call but
suggest not calling it.  This is BIND related because this seems to be a
misconfigured computer and BIND is distributed widely over the Internet and
subject to misconfigured computers everywhere.  This is not the only IP
address I get unapproved updates from.  There is a cable modem that sends
them every so often too.  Does anyone have any idea what sort of
misconfiguration would cause someone to update my domain of fsp.com? It
does not look like a Win2K computer but what else does pcanywhere run on?

Thomas Kellar
-- 
w8twk   Freelance Systems Programming   http://www.fsp.com
------------------------------------------------------------------------
Feb 12 21:54:42 fsp named[7988]: unapproved update from [208.36.84.154].7525 for FSP.COM
Feb 12 21:54:48 fsp named[7988]: unapproved update from [208.36.84.154].3222 for FSP.COM
 [ ....   254 lines elided here .... ]
Feb 13 09:16:34 fsp named[7988]: unapproved update from [208.36.84.154].5587 for FSP.COM
Feb 13 09:17:45 fsp named[7988]: unapproved update from [208.36.84.154].4309 for FSP.COM

Starting nmap V. 2.52 by fyodor at insecure.org ( www.insecure.org/nmap/ )
Interesting ports on mail.speerfulvio.com (208.36.84.154):
(The 1515 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet                  
25/tcp     open        smtp                    
80/tcp     open        http                    
110/tcp    open        pop-3                   
5631/tcp   open        pcanywheredata          

TCP Sequence Prediction: Class=trivial time dependency
                         Difficulty=5 (Trivial joke)
Remote operating system guess: Cisco Catalyst 1900 switch or Netopia DSL/ISDN router or Bay 450

Nmap run completed -- 1 IP address (1 host up) scanned in 21 seconds
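
The following is an added example, not part of the original post: a small Python summarizer for the `named` "unapproved update" syslog lines shown above, grouping rejections by source address and zone so each sender can be reported with a count and time window. The names `LINE_RE` and `summarize` are made up for this example, and the year is passed in as an assumption because syslog timestamps do not carry one; the sample input is the four log lines visible in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the named syslog format shown in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"unapproved update from \[(?P<ip>[0-9.]+)\]\.(?P<port>\d+) for (?P<zone>\S+)$"
)

# The four log lines visible in the post; the 254 elided lines are not reconstructed.
SAMPLE = """\
Feb 12 21:54:42 fsp named[7988]: unapproved update from [208.36.84.154].7525 for FSP.COM
Feb 12 21:54:48 fsp named[7988]: unapproved update from [208.36.84.154].3222 for FSP.COM
 [ ....   254 lines elided here .... ]
Feb 13 09:16:34 fsp named[7988]: unapproved update from [208.36.84.154].5587 for FSP.COM
Feb 13 09:17:45 fsp named[7988]: unapproved update from [208.36.84.154].4309 for FSP.COM
"""


def summarize(text, year):
    """Group rejected dynamic updates by (source IP, zone).

    year is supplied by the caller (assumption: all lines fall in one year).
    Returns {(ip, zone): {"count", "first", "last", "ports"}}.
    """
    stats = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "ports": set()}
    )
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # elision markers and unrelated syslog lines are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # DNS names are case-insensitive, so FSP.COM and fsp.com are one zone.
        s = stats[(m["ip"], m["zone"].lower())]
        s["count"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["ports"].add(int(m["port"]))
    return dict(stats)


if __name__ == "__main__":
    for (ip, zone), s in sorted(summarize(SAMPLE, 2001).items()):
        print(f"{ip} -> {zone}: {s['count']} rejected updates, "
              f"{s['first']} to {s['last']}, {len(s['ports'])} source ports")
```
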



More information about the bind-users mailing list