unapproved update
Kevin Darcy
kcd at daimlerchrysler.com
Wed Nov 21 02:00:20 UTC 2001
Deb Aubut wrote:
> I understand about why unapproved updates happen, and how to stop
> logging them etc. My question is about the number after the ip of the
> offending machine:
> i.e.:
>
> [xxx.xx.xx.xx].1234
>
> What does it stand for? Is it a process id? Is it a port number? ???
Yes, it's a port number, as Cricket pointed out.
BTW, "unapproved update" in your logs is a sign that you're running a
version of BIND which is subject to root exploits. The newer BINDs say
"denied update". If you want to stick with BIND 8, you should upgrade to
BIND 8.2.5, or, if you want to move up to BIND 9, to BIND 9.1.3 (released
version) or BIND 9.2.0rc10 (release candidate version).
- Kevin
More information about the bind-users
mailing list