are these BIND errors....
James A Griffin
agriffin at cpcug.org
Thu Jun 28 18:28:44 UTC 2001
Gary Kline wrote:
>
> On Thu, Jun 28, 2001 at 01:27:51PM -0400, James A Griffin wrote:
> > Gary Kline wrote:
[snip]
> > >
> > > Jun 27 22:18:15 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 216.136.204.119:53
> > > Jun 27 22:18:15 tao /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1123
> > > Jun 27 22:21:09 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 207.224.243.50:53
> > > Jun 27 22:21:09 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 207.224.243.50:53
> > >
> >
> > No, it is some form of packet filter (firewall) or intrusion detection
> > system (IDS) telling you about events. Port 53 is named and port
> > 512/udp is biff.
> >
>
> Strange thing is that I have no packet filtering going on
> (( at least none that I have installed so far!)).
>
> What IDS could be reporting thses kind of Connection attempts?
>
I do not recognize the message format; use 'snort' myself. I thought it
might be 'portsentry', but assuming the documentation is accurate, it
uses a different format. Could it be from tcpwrappers or the new
version (IIRC xinitd)? What operating system are you running?
Jim
More information about the bind-users
mailing list