[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] dns on a RaQ4r
- Subject: [cobalt-security] dns on a RaQ4r
- From: David Lucas <david@xxxxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 23:09:04 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Can anyone explain the following in my log?
Apr 17 20:05:02 www sendmail[17236]: h3I151W17236: 6696216150.hostnoc.net
[66.96.216.150] (may be forged): HELO/EHLO attack?
Apr 17 15:04:37 www named[480]: bad referral (158.24.in-addr.arpa !<
235.158.24.in-addr.arpa) from [24.196.17.8].53
Apr 17 21:34:20 www named[480]: Request IXFR from [64.81.117.120].1029
Apr 17 21:34:20 www named[480]: approved IXFR/AXFR from
[64.81.117.120].1029 for "doublebassshop.com"
Apr 17 18:12:51 www named[480]: Lame server on '66.218.94.64.in-addr.arpa'
(in '218.94.64.in-addr.arpa'?): [216.52.97.33].53 'ns2.ocy.pnap.net'
Apr 17 16:09:07 www named[480]: Lame server on '45.16.245.213.in-addr.arpa'
(in '16.245.213.in-addr.arpa'?): [193.0.0.193].53 'ns.ripe.net'
Apr 17 12:46:13 www named[480]: Lame server on '70.247.65.67.in-addr.arpa'
(in '247.65.67.in-addr.arpa'?): [151.164.1.1].53 'ns1.swbell.net'
Do I take it the first is a sendmail attach?... If so, is there anything I
can do about it?
Is the third just a normal update for DNS? I think it is doing to often if so.
Are the fourth group just misconfigured servers? (not mine?)
second one, I'm totally lost
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.