[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Active System Attack
- Subject: Re: [cobalt-security] Active System Attack
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Tue, 11 Feb 2003 08:22:07 -0800
- Organization: BRTNet.org
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Can somebody explain what the following message in my Log Check
> reprt means. It has been appearing for the last 2 days, for one of
> my clients domains only. It has come from 2 separate IP addresses
>
> "Feb 11 08:59:09 ns named[419]: denied update from
> [xxx.xxx.xxx.xxx].1094 for "clientdomain.com" IN"
They are probably running a Windows 2000 machine that has DNS updating
enabled (it also means they have their network set up to have each
workstation directly querying remote DNS servers, instead of using a
caching DNS server within their own network first). The messages
you're seeing are more of a nuisance than a true problem.
If they go into their Network Settings in the "Advanced" section
there's a checkbox for DNS info updating or something (sorry, been so
long since I used Windows I don't remember exactly). If they uncheck
that box, that _should_ stop your messages...
And you might want to clue them in about caching DNS servers... ;)
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+SSMvvLA2hUZ9kgwRAszHAJ91fo60Wp9OOr9ub+NtJUTN6SYg/ACfXsId
MAFLBnNKqq32x8sQ+eHSfiM=
=1GOv
-----END PGP SIGNATURE-----