Date: Tue, 30 Jan 2001 16:45:04 -0600 (CST) From: David La Croix <dlacroix@cowpie.acm.vt.edu> To: freebsd-security@freebsd.org Subject: Bind: unapproved query (version.bind) Script kiddies? Message-ID: <200101302245.RAA12443@cowpie.acm.vt.edu>
next in thread | raw e-mail | index | archive | help
I just noticed the following in my logfiles: (/var/log/messages) it was running Bind 8.2.2- Jan 26 22:37:43 mildred named[41908]: unapproved query from [208.44.147.11].1584 for "version.bind" [repeat 23 more times from the same IP] Jan 27 01:44:42 mildred named[41908]: unapproved query from [208.139.163.15].273 4 for "version.bind" [repeat 32 more times from the same IP] Could this be script kiddie activity? This was before I upgraded to 8.2.3, and before the CERT alert came out. What I don't get is why the unapproved query repeated so many times, within (according to the timestamp) 3 seconds on both occasions. I will note: this activity goes back through about November of 2000, seemingly from different IP addresses. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101302245.RAA12443>