[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: [cobalt-security] attackalert: Unknown Type
- Subject: SV: [cobalt-security] attackalert: Unknown Type
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Fri, 22 Jun 2001 22:59:22 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have done that long time ago.. and I have only allowed our 2 other
nameserver Ip to connect?? Thats what worrys me!
So whats up, you think? (there is no reason that this server shuld have any
use of our zones..)
Kai
-----Opprinnelig melding-----
Fra: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]På; vegne av Dean Hall
Sendt: 22. juni 2001 18:50
Til: cobalt-security@xxxxxxxxxxxxxxx
Emne: [cobalt-security] attackalert: Unknown Type
>
> I got a 3-4 like this, another strange thing in the log that day
> was alot of
> zone transfers to a ip not defined in my network setings! That should not
> happen..and what is an host belgium want with .no domain name info??
>
> Jun 20 14:51:15 www named[555]: approved AXFR from
> [212.68.195.60].2356 for
> "cats.no"
> Jun 20 14:51:15 www named[555]: zone transfer (AXFR) of "cats.no" (IN) to
> [212.68.195.60].2356
The GUI setup of the DNS service, by default, allows anyone to do a zone
transfer from your DNS server. To change this use the GUI.
Control Panel ==> services ==> DNS service parameters ==>add==>server
settings
In the Zone Transfer Access, enter the IP address of your secondary dns
server. That way only that system could request a zone transfer.
----
Dean Hall at Tactix ReEngineering ( dean@xxxxxxxxxx )
503 520-9699 http://www.tactix.com
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security