Date: Fri, 7 Aug 1998 17:59:02 +0100
From: "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>
To: "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: MSCAN - named - Vulnerability
Message-ID: <01bdc224$ad8f41e0$380051c2@greg.qmpgmc.ac.uk>

Further to the message regarding MSCAN here is a transcript from the system log of someone overloading my name server and trying to hack my system. If you are wondering who it was:

cauchy.korea.ac.kr.

Here is where named fell over.

Aug 6 02:00:03 dns1 named[155]: named.3.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug 6 02:00:03 dns1 named[155]: named.4.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug 6 02:00:03 dns1 named[155]: named.5.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug 6 02:00:03 dns1 named[155]: named.6.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug 6 02:00:03 dns1 named[155]: named.7.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug 6 02:00:03 dns1 named[155]: Ready to answer queries.

Here is where they tried to hack something else?

Aug 6 02:53:54 dns1 popper[1292]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:53:54 dns1 popper[1292]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:53:58 dns1 popper[1294]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:53:58 dns1 popper[1294]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:55:06 dns1 popper[1302]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:55:06 dns1 popper[1302]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:55:10 dns1 popper[1304]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:55:10 dns1 popper[1304]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:59:36 dns1 popper[1310]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:59:36 dns1 popper[1310]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:59:43 dns1 popper[1312]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:59:43 dns1 popper[1312]: @[164.138.210.56]: -ERR POP EOF received

Why do people bother?

As if system administrators have not got enough to do!

I'm now running bind 4.9.7 from http://www.isc.org/bind.html
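
Added example (not part of the original message): a short Python triage script for popper syslog lines like those quoted above. It pairs each "Unable to get canonical name" line with the EOF line from the same popper PID, groups sessions by client address, and reports addresses with several EOF-terminated sessions inside a time window. The function name, the thresholds and the 192.0.2.10 line are assumptions; the year comes from the message's Date header because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# popper lines copied from the message above; the 192.0.2.10 line is constructed.
SAMPLE = """\
Aug 6 02:53:54 dns1 popper[1292]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:53:54 dns1 popper[1292]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:53:58 dns1 popper[1294]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:53:58 dns1 popper[1294]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:55:06 dns1 popper[1302]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:55:06 dns1 popper[1302]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:55:10 dns1 popper[1304]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:55:10 dns1 popper[1304]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:59:36 dns1 popper[1310]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:59:36 dns1 popper[1310]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 02:59:43 dns1 popper[1312]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug 6 02:59:43 dns1 popper[1312]: @[164.138.210.56]: -ERR POP EOF received
Aug 6 03:10:00 dns1 popper[1400]: @[192.0.2.10]: -ERR POP EOF received
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+popper\[(\d+)\]:\s+(.*)$")
EOF_RE = re.compile(r"^@\[([\d.]+)\]: -ERR POP EOF received")
NO_PTR = "Unable to get canonical name of client"

def pop_eof_bursts(log_text, min_sessions=3, window=timedelta(minutes=10), year=1998):
    """Return {ip: summary} for clients with >= min_sessions EOF-ended sessions in `window`."""
    no_ptr_pids, sessions = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        if NO_PTR in msg:
            no_ptr_pids.add(pid)  # reverse lookup failed for this popper process
        elif (eof := EOF_RE.match(msg)):
            when = datetime.strptime(f"{year} " + " ".join(stamp.split()), "%Y %b %d %H:%M:%S")
            sessions[eof.group(1)].append((when, pid in no_ptr_pids))
    report = {}
    for ip, hits in sessions.items():
        times = sorted(t for t, _ in hits)
        # Peak = most sessions that start within `window` of any one session.
        peak = max(sum(1 for t in times[i:] if t - times[i] <= window) for i in range(len(times)))
        if peak >= min_sessions:
            report[ip] = {"sessions": len(hits), "peak_in_window": peak,
                          "no_reverse_dns": sum(1 for _, n in hits if n)}
    return report

if __name__ == "__main__":
    print(pop_eof_bursts(SAMPLE))
```

PIDs are reused over the life of a host, so on a long log the PID-to-address pairing should be reset per day or per log rotation.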