[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] A ton of lame servers in /var/log/messages Raq3
- Subject: [cobalt-security] A ton of lame servers in /var/log/messages Raq3
- From: "Dave" <maxdoubt@xxxxxx>
- Date: Sat, 6 Apr 2002 00:36:11 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello all,
Usually a pretty quiet server. I received several Logcheck emails which have
numerous LAME server messages which I normally just ignore. However, I ran
tail and I see there are literally 1000's of them that are coming through
alphabetized? Looked at messages log for April 5th and there are over 1500:
<snip>...
Apr 5 22:32:18 ns named[351]: Lame server on 'aacm.com' (in 'aacm.com'?):
[211.232.149.47].53 'NS2.TWISTER.com'
Apr 5 22:32:18 ns named[351]: Lame server on 'aacm.com' (in 'aacm.com'?):
[64.49.211.88].53 'NS0.TWISTER.com'
Apr 5 22:32:18 ns named[351]: Lame server on 'aacm.com' (in 'aacm.com'?):
[211.232.149.40].53 'NS1.TWISTER.com'
Apr 5 22:32:18 ns named[351]: Lame server on 'aahh.com' (in 'aahh.com'?):
[216.21.234.25].53 'DNS29.NAMEBARGAIN.com'
Apr 5 22:32:18 ns named[351]: Lame server on 'aahh.com' (in 'aahh.com'?):
[216.21.226.25].53 'DNS30.NAMEBARGAIN.com'
Apr 5 22:32:23 ns named[351]: Lame server on 'aahha.com' (in 'aahha.com'?):
[212.160.67.252].53 'ELEET.WEBMEDIA.PL'
Apr 5 22:32:23 ns named[351]: Lame server on 'aahha.com' (in 'aahha.com'?):
[212.160.67.2].53 'GORDON.WEBMEDIA.PL'
Apr 5 22:32:23 ns named[351]: Lame server on 'aalive.com' (in 'aalive.com'?):
[130.101.183.31].53 'WORKSTAR.JOINTREE.com'
Apr 5 22:32:36 ns named[351]: Lame server on 'aalter.com' (in 'aalter.com'?):
[194.7.1.19].53 'AUTH00.NS.BE.UU.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aalter.com' (in 'aalter.com'?):
[194.7.15.66].53 'AUTH50.NS.BE.UU.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aardvarkmaps.com' (in
'aardvarkmaps.com'?): [207.158.192.40].53 'NS.NAMESERVERS.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aardvarkmaps.com' (in
'aardvarkmaps.com'?): [209.41.31.13].53 'NS2.NAMESERVERS.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aarentals.com' (in
'aarentals.com'?): [209.41.31.13].53 'NS2.NAMESERVERS.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aarentals.com' (in
'aarentals.com'?): [209.41.31.14].53 'NS3.NAMESERVERS.NET'
Apr 5 22:32:37 ns named[351]: Lame server on 'aarentals.com' (in
'aarentals.com'?): [207.158.192.40].53 'NS.NAMESERVERS.NET'
Apr 5 22:32:51 ns named[351]: Lame server on 'aatron.com' (in 'aatron.com'?):
[128.121.101.19].53 'NS3.BEST.com'
Apr 5 22:32:51 ns named[351]: Lame server on 'aatron.com' (in 'aatron.com'?):
[128.121.101.11].53 'NS1.BEST.com'
Apr 5 22:32:51 ns named[351]: Lame server on 'aatron.com' (in 'aatron.com'?):
[161.58.9.11].53 'NS2.BEST.com'
Apr 5 22:32:52 ns named[351]: Lame server on 'abbeylife.com' (in
'abbeylife.com'?): [194.119.128.71].53 'NS1.HS0.U-NET.NET'
Apr 5 22:32:53 ns named[351]: Lame server on 'abbeylife.com' (in
'abbeylife.com'?): [194.119.128.70].53 'NS0.HS0.U-NET.NET'
Apr 5 22:32:56 ns named[351]: Lame server on 'aaysa.com' (in 'aaysa.com'?):
[210.221.137.200].53 'NS.LIVEDOMAIN.CO.KR'
Apr 5 22:33:00 ns named[351]: Lame server on 'aaysa.com' (in 'aaysa.com'?):
[211.233.36.79].53 'NS3.KOREADOMAIN.com'
Apr 5 22:33:06 ns named[351]: Lame server on 'abbotthep.com' (in
'abbotthep.com'?): [130.36.31.5].53 'ROSSNS2.ABBOTT.com'
Apr 5 22:33:06 ns named[351]: Lame server on 'abbotthep.com' (in
'abbotthep.com'?): [130.36.62.200].53 'ABTNS2.ABBOTT.com'
Apr 5 22:33:06 ns named[351]: Lame server on 'abbotthep.com' (in
'abbotthep.com'?): [130.36.31.4].53 'ROSSNS.ABBOTT.com'
Apr 5 22:33:06 ns named[351]: Lame server on 'abbotthep.com' (in
'abbotthep.com'?): [130.36.61.200].53 'ABTNS.ABBOTT.com'
Apr 5 22:33:08 ns named[351]: Lame server on 'abbotthematology.com' (in
'abbotthematology.com'?): [130.36.61.200].53 'ABTNS.ABBOTT.com'
Apr 5 22:33:08 ns named[351]: Lame server on 'abbotthematology.com' (in
'abbotthematology.com'?): [130.36.31.4].53 'ROSSNS.ABBOTT.com'
Apr 5 22:33:08 ns named[351]: Lame server on 'abbotthematology.com' (in
'abbotthematology.com'?): [130.36.62.200].53 'ABTNS2.ABBOTT.com'
Apr 5 22:33:08 ns named[351]: Lame server on 'abbotthematology.com' (in
'abbotthematology.com'?): [130.36.31.5].53 'ROSSNS2.ABBOTT.com'
This is just a small list from messages. I see the times are just seconds
apart. What is going on? Where to start? Also I saw this one several times:
Apr 5 03:28:53 ns named[351]: wrong ans. name (incoming.broadwing.net !=
incoming1.broadwing.net)
Which started around the same time. Any thoughts???
TIA,
Max~