Date: Tue, 12 May 1998 16:49:09 -0700 From: Studded <Studded@dal.net> To: kbrown@primelink.com Cc: freebsd-isp@FreeBSD.ORG Subject: Re: some interesting named syslog entries... Message-ID: <3558DFF5.DC16BC44@dal.net> References: <86256602.00711323.00@domino.primelink.com>
index | next in thread | previous in thread | raw e-mail
kbrown@primelink.com wrote:
>
> I have been getting several entries in my syslog from named. They happen
> nearly once an hour...what ever do they mean?
>
> Response from unexpected source ([208.220.140.1].53)
> Response from unexpected source ([208.220.140.2].53)
Most times that message is harmless. It means that you queried a
nameserver at one IP address and the nameserver sent out its response on
a different one. It *can* mean that someone is attempting various
exploits against your nameserver (especially if it's a resolver) however
if you are using BIND 4.9.6 or later you needn't worry about those
exploits (although you should upgrade to 4.9.7 or 8.1.2).
A little detective work might give you a hint as to where the
information is coming from, here's where I usually start:
146# whois -a 208.220.140
Green Hills Telephone (NETBLK-UU-208-220-140) UU-208-220-140
208.220.140.0 -
208.220.141.255
UUNET Technologies, Inc. (NETBLK-UUNET1996B) UUNET1996B
208.192.0.0 -
208.243.255.255
Is anyone from your site looking up something at Green Hills Telephone?
:)
Good luck,
Doug
--
*** Chief Operations Officer, DALnet IRC network ***
*** Proud designer and maintainer of the world's largest Internet
*** Relay Chat server with 5,328 simultaneous connections.
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3558DFF5.DC16BC44>