
Re: [cobalt-security] Intermittent DNS failure or hack or what??



First of all, try to access by IP to isolate whether the web server has a
problem or DNS is the problem.
It can be DNS, or the web server that doesn't catch up the domain name! If
everything works fine for both, you should verify your network, firewall?
proxy etc.!!!
Do you access the server from the same network?

If the IP returns the web site, you should look more in "dns"; if it doesn't,
look in "web server".

How about email??? Is mail successfully delivered to/by your server?

Be sure the DNS you use is working fine.

Admin page will always work, IP or domain name!!
You can also take a look at your log file; maybe some interesting information
can be found there regarding the type of connect error your server gets.

Stephen
satan@xxxxxxxxxxxxxxxx


----- Original Message -----
From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
To: "Cobalt-Security@List. Cobalt. Com" <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, May 10, 2001 10:28 AM
Subject: [cobalt-security] Intermittent DNS failure or hack or what??


> Apologies in advance if this isn't posted in quite the right group. I am
> not sure if this is a DNS problem or a security issue.
>
> For the past two days people are intermittently unable to browse sites on
> our server. It will be ok for 30 mins then it won't work and they get
> 'Cannot find server or DNS Error' page. We have done trace routes at this
> time and they are fine.
> Pinging the machine is fine. The server admin browser pages always work
> during this time but not the sites. Any ideas?
> We did the RaQ4-All-Security-1.0.1-10098.pkg and the
> RaQ4-All-Security-1.0.1-10014.pkg yesterday. Could it be this causing a
> problem?
>
> I wonder whether we have been hacked in some form. The only suspicious
> report recently from logcheck that I don't understand was this:
>
> May  5 02:14:16 ns1 named[376]: Lame server on '155.218.53.216.in-addr.arpa'
> (in '218.53.216.in-addr.arpa'?): [216.53.130.3].53 'NS2.MPINET.NET'
>
> Basically I don't know what's going on and not surprisingly my co-location
> people say that nothing is wrong.... Help please...before a client notices.
>
> Simon Wilson
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
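
The check suggested in the reply above (fetch the site by IP to tell a DNS fault from a web server fault), run in a loop so an intermittent failure gets a timestamp. This is an added example, not code from the thread; the script name, the site name and address passed on the command line, and the labels returned by `diagnose` are assumptions.

```python
import http.client
import socket
import sys
import time


def resolve(name):
    """Return the IPv4 addresses the local resolver gives for name ([] on failure)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def http_status(ip, host, timeout=5):
    """GET / straight from ip, bypassing DNS, with Host set to the site name."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def diagnose(resolved_ips, server_ip, status_by_ip):
    """Apply the reply's rule: site answers by IP -> look at DNS, else web server."""
    if status_by_ip is None or status_by_ip >= 500:
        return "web server"
    if server_ip not in resolved_ips:
        return "dns"  # lookup failed, or the name points somewhere else
    return "ok from here"  # both fine: check the client's network, firewall, proxy


if __name__ == "__main__":
    # Usage (values are placeholders): python probe.py www.example.com 192.0.2.10
    site, server_ip = sys.argv[1], sys.argv[2]
    while True:  # the fault is intermittent, so keep a timestamped record
        ips = resolve(site)
        status = http_status(server_ip, site)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S")
        print(stamp, diagnose(ips, server_ip, status), "dns=%s http=%s" % (ips, status))
        sys.stdout.flush()
        time.sleep(60)
```

Run it from a client network where the failure is seen as well as from the server's own network, since the two vantage points can disagree.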