Date:      Fri, 7 Aug 1998 17:59:02 +0100
From:      "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>
To:        "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: MSCAN - named - Vulnerability
Message-ID:  <01bdc224$ad8f41e0$380051c2@greg.qmpgmc.ac.uk>

Further to the message regarding MSCAN, here is a transcript from the system log of someone overloading my name server and trying to hack my system. If you are wondering who it was:

cauchy.korea.ac.kr.

Here is where named fell over.

Aug  6 02:00:03 dns1 named[155]: named.3.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.4.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.5.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.6.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: named.7.81.194.rev: WARNING SOA retry value is less then maintainance interval (300 < 900)
Aug  6 02:00:03 dns1 named[155]: Ready to answer queries.

Here is where they tried to hack something else?

Aug  6 02:53:54 dns1 popper[1292]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:53:54 dns1 popper[1292]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:53:58 dns1 popper[1294]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:53:58 dns1 popper[1294]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:06 dns1 popper[1302]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:55:06 dns1 popper[1302]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:10 dns1 popper[1304]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:55:10 dns1 popper[1304]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:36 dns1 popper[1310]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:59:36 dns1 popper[1310]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:43 dns1 popper[1312]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:59:43 dns1 popper[1312]: @[164.138.210.56]: -ERR POP EOF received

Why do people bother?

As if system administrators have not got enough to do!

I'm now running bind 4.9.7 from http://www.isc.org/bind.html
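
A small detector for the pattern in the popper lines above (one client repeatedly opening a POP session and dropping it without a transaction), added here as an example and not part of the original post. The log format is taken from the lines quoted in the mail; the benign 10.0.0.5 client and the "3 drops in 10 minutes" threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: popper disconnect lines from the post above (plus one of its
# "canonical name" lines, which carries no address) and a constructed benign client.
SAMPLE_LOG = """\
Aug  6 02:53:54 dns1 popper[1292]: (v2.4b2) Unable to get canonical name of client, err = 9
Aug  6 02:53:54 dns1 popper[1292]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:53:58 dns1 popper[1294]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:06 dns1 popper[1302]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:55:10 dns1 popper[1304]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:36 dns1 popper[1310]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 02:59:43 dns1 popper[1312]: @[164.138.210.56]: -ERR POP EOF received
Aug  6 03:10:01 dns1 popper[1330]: @[10.0.0.5]: -ERR POP EOF received
"""

# syslog prefix plus popper pid; the year is not logged, so strptime defaults it.
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"\S+ popper\[\d+\]: (?P<msg>.*)$")
# The client address only appears on the disconnect line, not on the reverse-DNS failure.
EOF_RE = re.compile(r"^@\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: -ERR POP EOF received$")


def find_pop_probes(log_text, threshold=3, window_seconds=600):
    """Return {ip: peak_count} for clients that opened and dropped >= threshold
    POP sessions without a transaction inside any window_seconds span."""
    drops = defaultdict(list)
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        e = EOF_RE.match(m["msg"]) if m else None
        if not e:
            continue
        ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
        drops[e["ip"]].append(ts)

    flagged = {}
    for ip, times in drops.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            # advance the window start until times[lo..hi] fits in window_seconds
            while (times[hi] - times[lo]).total_seconds() > window_seconds:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), hi - lo + 1)
    return flagged
```

On the sample, 164.138.210.56 is flagged with six aborted sessions in under six minutes, while the single benign disconnect is ignored.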
