log file full of t-syr.com records!
Vishwas
ivishwas at gmail.com
Tue Jul 3 12:44:40 UTC 2007
Hi All,
My BIND log is full of the following entries.
03-Jul-2007 20:10:48.352 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:51.760 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:51.761 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:52.041 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:52.042 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:55.239 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:55.241 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:55.247 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:55.249 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:58.620 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.621 queries: info: client 127.0.0.1#38737: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.622 queries: info: client 127.0.0.1#38738: query: t-syr.com IN A +
03-Jul-2007 20:10:58.624 queries: info: client 127.0.0.1#38739: query: t-syr.com IN A +
The port numbers 387** are opened by user "bind".
This is giving me a feeling that maybe my machine is compromised!?
Why should the BIND daemon continuously ask for t-syr.com? Probably
these DNS query packets are spoofed packets. Any comments?
--
Best Regards,
Vishwas.
ivishwas.googlepages.com
I know quite certainly that I myself have no special talent;
curiosity, obsession and dogged endurance, combined with
self-criticism have brought me to my ideas. - Albert Einstein
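
A triage aid for the log excerpt in the post above, added here as an example and not part of the original message or of BIND: it groups query-log entries by client address, name and type so that repeated lookups, and the source ports they arrived from, stand out. It assumes the query-log line format shown in the post; the 192.0.2.10 entry and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: entries in the format shown in the post (two left
# mail-wrapped on purpose), plus one made-up non-loopback client.
SAMPLE = """\
03-Jul-2007 20:10:48.352 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:51.760 queries: info: client 127.0.0.1#38736: query: 164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:51.761 queries: info: client 127.0.0.1#38736: query: t-syr.com IN A +
03-Jul-2007 20:10:58.621 queries: info: client 127.0.0.1#38737: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.622 queries: info: client 127.0.0.1#38738: query: t-syr.com IN A +
03-Jul-2007 20:11:30.000 queries: info: client 192.0.2.10#5353: query: example.org IN MX +
"""

TS = re.compile(r"\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}")
ENTRY = re.compile(
    r"(?P<ts>\S+ \S+) queries: info: client (?P<addr>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")

def unwrap(text):
    """Rejoin continuation lines (no leading timestamp) onto the previous entry."""
    entries = []
    for raw in text.splitlines():
        if TS.match(raw) or not entries:
            entries.append(raw.strip())
        else:
            entries[-1] += " " + raw.strip()
    return entries

def repeated_queries(text, min_count=3):
    """Group by (client address, qname, qtype); report groups seen >= min_count times."""
    groups = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            groups[m["addr"], m["qname"].lower(), m["qtype"]].append((ts, int(m["port"])))
    report = []
    for (addr, qname, qtype), hits in groups.items():
        if len(hits) >= min_count:
            times = sorted(t for t, _ in hits)
            report.append({
                "client": addr, "loopback": ipaddress.ip_address(addr).is_loopback,
                "qname": qname, "qtype": qtype, "count": len(hits),
                "source_ports": sorted({p for _, p in hits}),
                "span_seconds": (times[-1] - times[0]).total_seconds()})
    return sorted(report, key=lambda r: -r["count"])
```

The client field in a query-log entry is the source address and port of the query as named received it, so the source_ports list is the value to match against local socket owners at the time of the entries.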