[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Approved AFXR
- Subject: Re: [cobalt-security] Approved AFXR
- From: Nico Meijer <nico.meijer@xxxxxxxxx>
- Date: Tue, 12 Mar 2002 15:04:57 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
> This is something I have touched on before, but don't seem to have it quite
> sorted.
You're not alone; many big ISPs don't even have their DNS straightened out.
> The message below came from Log Check. I was told that if I entered
> in my dns information into the "Server Settings" of the DNS records for the
> domain of my Raq4 through the GUI, that AXFR tranfers from other sources
> would not be approved.
I stumbled over that last sentence many times (must be my bad), but I think I get your point.
You should enter all IPs in the DNS settings page that are allowed to transfer domains from your box; most notably any secondary DNS machine. # if I recall correctly
There has been discussion here with regards to an extra empty line (<CR> / <LF>; whatever) in that textbox. If it's there, remove it and restart the DNS server just in case.
Then there's discussion in general: is there any point in blocking zone transfers, since "DNS data" is something public? I think there is a point, but I'm not willing to discuss it here as it's *way* OT. ;-)
> In a later message from Log Check I received the following message:
>
> Mar 10 18:33:46 ns proftpd[31376]: 212.67.197.38
> (168.160.112.65[168.160.112.65]) - FTP session opened.
Did you see a "FTP session closed" a couple seconds later? Prolly someone checking for anonymous ftp sites, but you're never sure.
Does logcheck report all ftp sessions?
> Note the same IP address, 168.160.112.65. Should I be concerned?
Always! :-)
Good luck... Nico