[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] named[9240] , proftpd[1308 and telnetd[1312]
- Subject: [cobalt-security] named[9240] , proftpd[1308 and telnetd[1312]
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Wed, 14 Mar 2001 07:42:08 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi, everybody
In a log going back to 10 feb that i had downloaded to my pc, i found that
it was full of records loke this:
Feb 10 06:56:53 www named[9240]: Cleaned cache of 196 RRsets
Feb 10 06:56:53 www named[9240]: USAGE 981784613 981587182 CPU=51.1u/37.41s
CHILDCPU=43.88u/67.6s
Feb 10 06:56:53 www named[9240]: NSTATS 981784613 981587182 A=13986 NS=4
CNAME=64 SOA=12947 PTR=33510 MX=2950 TXT=88 AAAA=50 SRV=125 38=1 AXFR=60
ANY=8364
Feb 10 06:56:53 www named[9240]: XSTATS 981784613 981587182 RR=33964
RNXD=2314 RFwdR=20690 RDupR=9 RFail=146 RFErr=0 RErr=9 RAXFR=60 RLame=459
ROpts=0 SSysQ=15561 SAns=70110 SFwdQ=18534 SDupQ=15653 SErr=0 RQ=74759
RIQ=94 RFwdQ=18534 RDupQ=145 RTCP=4787 SFwdR=20690 SFail=1 SFErr=0
SNaAns=34946 SNXD=7552 RUQ=0 RURQ=0 RUXFR=0 RUUpd=879
Feb 10 06:57:06 www named[9240]: Err/TO getting serial# for "webavec.com"
Feb 10 06:57:18 www named[9240]: Err/TO getting serial# for "wayout.org"
Feb 10 06:58:19 www named[9240]: Err/TO getting serial# for
"dirtypositions.com"
Feb 10 06:58:48 www named[9240]: Err/TO getting serial# for
"mortenbrandt.com"
Feb 10 06:59:20 www named[9240]: Err/TO getting serial# for
"mortenbrandt.no"
Feb 10 06:59:37 www named[9240]: Err/TO getting serial# for "millanium.org"
Feb 10 06:59:57 www named[9240]: Err/TO getting serial# for
"effektivbedrift.no"
Feb 10 07:00:05 www modprobe: can't locate module net-pf-10
Feb 10 07:00:05 www kernel: family 10 not registered
Feb 10 07:00:18 www named[9240]: Err/TO getting serial# for "namdal.net"
Feb 10 07:00:21 www proftpd[1308]: www.euroweb.no (localhost[127.0.0.1]) -
FTP session closed.
Feb 10 07:00:31 www telnetd[1312]: ttloop: read: Broken pipe
Feb 10 07:00:40 www named[9240]: Err/TO getting serial# for
"mrpositions.com"
Feb 10 07:01:15 www named[9240]: Err/TO getting serial# for
"crpositions.com"
Feb 10 07:01:32 www named[9240]: Err/TO getting serial# for
"jimmytravel.net"
Feb 10 07:01:40 www named[9240]: Err/TO getting serial# for "meditasjon.no"
Feb 10 07:01:47 www named[9240]: Err/TO getting serial# for "vestvik.as"
Could this have somthing to do with my raq3 beeing hacked? Maybe first hack
was already back then. I also rember that around that time my network
suplier had to disconect themy raq3 becuse it constantely had very large
"bootp" traffic. that blocked the rest of the network.
Does this log make sombody get a clue? (I am a newbi and my head is not
doing so good, after going thru logs and looking for ghosts/hacks that I
dont realy have the knowledge for doing)
regards
Vennlig hilsen
Kai R Schantz
Euroweb AS
Verksgaten 42
N-4013 Stavanger
Tlf:+47 51 89 64 64 fax:+47 51 89 56 41
www.euroweb.no