[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Intermittent DNS failure or hack or what??
- Subject: Re: [cobalt-security] Intermittent DNS failure or hack or what??
- From: "Rick Ewart" <cobalt@xxxxxxxxx>
- Date: Thu, 10 May 2001 08:36:28 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
shimi wrote:
>On Thu, 10 May 2001, Simon
Wilson wrote:
>
>[snip]
>> server. It will be ok for 30 mins then it
won't work and they get 'Cannot find
>> server or DNS Error' page. We
have done trace routes at this time and they are fine.
>> Pinging the
machine is fine. The server admin browser pages always work during
>>
this time but not the sites. Any ideas?
>
>"Cannot find server or DNS Error" is a very
common error in MSIE - that's
>why I don't use it - it's simply
horrible.
>
>A real test, to see if the web server responds,
is to open a Telnet
>session to the site's address, on port
80.
I get the same thing from time to time. Usually my
machine just didn't get the DNS tranlation properly as my ISP or dial-up
connection was being a pain. Unfortunately the bad DNS info gets cached and
drives me nuts for a while, although everyone else sees things
fine.
I have a program that I use to test my server
- its a "network discovery" program [translation - hacking tool]. But this one
costs money so its not a "normal" hacking tool. :)
<commercial for program I have no stock
in>
The program NetScan Tools Pro 2000 (www.nwpsw.com) - got it on the advice
of some security book I was reading. What's nice about it is that you can do
pings, traceroutes, port scans, DNS lookups, relay tests, and a whole bunch of
stuff on it from one Win based program. There are a lot of them out there (and
many are free), this just happens to be the one I ended up with.
</end commercial>
Anyhow, I tell this program to use my server's DNS
server and test the domains. If they are resolving correctly, all is well (also
nice for testing whether you remembered to put in DNS entries for domain.com and
www.domain.com). It that works, and I
can browse a site via the IP address, I figure all is well. I have found a lot
of uses for this (i.e. testing port sentry by using dial-up then running port
scan and watching it kill me off - note: don't do via fixed IP address or u
will get locked out for good, and don't forget to remove that entry from
ipchains either). You can also use it to verify that pop-before-smtp is ok,
HTH,
Rick