are these BIND errors....

Gary Kline kline at ns1.thought.org
Thu Jun 28 18:53:41 UTC 2001


On Thu, Jun 28, 2001 at 02:28:44PM -0400, James A Griffin wrote:
> 
> Gary Kline wrote:
> > 
> > On Thu, Jun 28, 2001 at 01:27:51PM -0400, James A Griffin wrote:
> > > Gary Kline wrote:
> [snip]
> > > >
> > > > Jun 27 22:18:15 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 216.136.204.119:53
> > > > Jun 27 22:18:15 tao /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1123
> > > > Jun 27 22:21:09 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 207.224.243.50:53
> > > > Jun 27 22:21:09 tao /kernel: Connection attempt to UDP 216.39.168.248:53 from 207.224.243.50:53
> > > >
> > >
> > > No, it is some form of packet filter (firewall) or intrusion detection
> > > system (IDS) telling you about events.  Port 53 is named and port
> > > 512/udp is biff.
> > >
> > 
> >         Strange thing is that I have no packet filtering going on
> >         (( at least none that I have installed so far!)).
> > 
> >         What IDS could be reporting these kinds of Connection attempts?
> > 
> 
> I do not recognize the message format; use 'snort' myself.  I thought it
> might be 'portsentry', but assuming the documentation is accurate, it
> uses a different format.  Could it be from tcpwrappers or the new
> version (IIRC xinitd)? What operating system are you running?
> 

	I just upgraded to FreeBSD 4.3.  In named.conf, I have lots of
	logging {} categories set.  Probably these attempt messages are
	coming from there.   I haven't grep'd thru the BIND9 code...
	yet.

	gary


> 

-- 
   Gary D. Kline    kline at thought.org  www.thought.org    Public service Unix