[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Lame Server messages

Subject: [cobalt-security] Lame Server messages
From: "Terrance Dwyer" <td@xxxxxxxx>
Date: Wed, 29 Aug 2001 13:23:08 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Sorry to bother everyone about this again, but it's getting worse and I
didn't get a response the last post.  The situation is this.  For a period
of time each day, most recently for 75 minutes, my RaQ3 is asked to process
bogus DNS requests for which it is not authoritative resulting in Lame
Server, Unexpected response, NS Query etc. error messages.  In a seventy
five minute period yesterday I received nearly a thousand error messages,
mostly lame server.  There are many referring, NS and target IP's listed in
these error messages, no rhyme nor reason that I can fathom, and none have
anything to do with the sites on this server.

These bursts of DNS activity happen only once or twice a day generally.
They are not spread out throughout the day, they're concentrated.  The
duration of activity varies but the number of requests has skyrocketed in
the past 10 days.

I checked other posts. Some suggested turning recursion off in named, which
I did - the error messages stopped, but so did client email (oops). I can
turn the logging of this type of error message off but that seems a bit like
shooting the messenger.

The big question is this? Are there security implications here.  Is someone
trying to bring down named for some reason? I'm not a expert on DNS or
security.  All responses are really appreciated.

Thanks

T. Dwyer
Indian Hill Media

Prev by Date: [cobalt-security] Re: Passwords
Next by Date: RE: [cobalt-security] RaQ2 Hacked within 1 day of being online
Previous by thread: [cobalt-security] Re: Passwords
Next by thread: RE: [cobalt-security] Lame Server messages

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index