Date:      Fri, 7 Aug 1998 17:59:02 +0100
From:      "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>
To:        "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: MSCAN - named - Vulnerability
Message-ID:  <01bdc224$ad8f41e0$380051c2@greg.qmpgmc.ac.uk>

Further to the message regarding MSCAN, here is a transcript from the system log of someone overloading my name server and trying to hack my system. If you are wondering who it was:

cauchy.korea.ac.kr.

Here is where named fell over.


Aug  6 02:00:03 dns1 named[155]: named.3.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.4.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.5.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.6.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.7.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: Ready to answer queries.

Here is where they tried to hack something else? 
Aug  6 02:53:54 dns1 popper[1292]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:53:54 dns1 popper[1292]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:53:58 dns1 popper[1294]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:53:58 dns1 popper[1294]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:06 dns1 popper[1302]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:55:06 dns1 popper[1302]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:10 dns1 popper[1304]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:55:10 dns1 popper[1304]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:36 dns1 popper[1310]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:59:36 dns1 popper[1310]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:43 dns1 popper[1312]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:59:43 dns1 popper[1312]: @[164.138.210.56]: -ERR POP EOF received

Why do people bother?

As if system administrators have not got enough to do!

I'm now running bind 4.9.7 from http://www.isc.org/bind.html


