From owner-freebsd-isp Tue May 12 16:49:20 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id QAA27208
    for freebsd-isp-outgoing; Tue, 12 May 1998 16:49:20 -0700 (PDT)
    (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from dt050n33.san.rr.com (@dt053nd2.san.rr.com [204.210.34.210])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA27202
    for ; Tue, 12 May 1998 16:49:16 -0700 (PDT)
    (envelope-from Studded@dal.net)
Received: from dal.net (Studded@localhost [127.0.0.1])
    by dt050n33.san.rr.com (8.8.8/8.8.8) with ESMTP id QAA09733;
    Tue, 12 May 1998 16:49:10 -0700 (PDT)
    (envelope-from Studded@dal.net)
Message-ID: <3558DFF5.DC16BC44@dal.net>
Date: Tue, 12 May 1998 16:49:09 -0700
From: Studded
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-STABLE-0507 i386)
MIME-Version: 1.0
To: kbrown@primelink.com
CC: freebsd-isp@FreeBSD.ORG
Subject: Re: some interesting named syslog entries...
References: <86256602.00711323.00@domino.primelink.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

kbrown@primelink.com wrote:
>
> I have been getting several entries in my syslog from named. They happen
> nearly once an hour...what ever do they mean?
>
> Response from unexpected source ([208.220.140.1].53)
> Response from unexpected source ([208.220.140.2].53)

Most times that message is harmless. It means that you queried a
nameserver at one IP address and the nameserver sent out its response on
a different one. It *can* mean that someone is attempting various
exploits against your nameserver (especially if it's a resolver) however
if you are using BIND 4.9.6 or later you needn't worry about those
exploits (although you should upgrade to 4.9.7 or 8.1.2).

A little detective work might give you a hint as to where the
information is coming from, here's where I usually start:

146# whois -a 208.220.140
Green Hills Telephone (NETBLK-UU-208-220-140) UU-208-220-140 208.220.140.0 - 208.220.141.255
UUNET Technologies, Inc. (NETBLK-UUNET1996B) UUNET1996B 208.192.0.0 - 208.243.255.255

Is anyone from your site looking up something at Green Hills Telephone? :)

Good luck,

Doug
--
*** Chief Operations Officer, DALnet IRC network ***
*** Proud designer and maintainer of the world's largest Internet
*** Relay Chat server with 5,328 simultaneous connections.
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
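
A triage sketch for the log entries discussed in this message, added here as an example and not part of the original post: it tallies the `Response from unexpected source` lines by /24 prefix, the form passed to `whois` above, so each prefix can be looked up once. The syslog line layout, the hostname `ns1`, the PID, the timestamps, the filler line and the `192.0.2.53` entry are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines. Only the two 208.220.140.x addresses come
# from the post; hostname, PID, timestamps and the other lines are made up.
SAMPLE_LOG = """\
May 12 13:02:11 ns1 named[142]: Response from unexpected source ([208.220.140.1].53)
May 12 14:03:40 ns1 named[142]: Response from unexpected source ([208.220.140.2].53)
May 12 14:20:05 ns1 named[142]: some other message (constructed filler)
May 12 15:01:57 ns1 named[142]: Response from unexpected source ([208.220.140.1].53)
May 12 15:02:03 ns1 named[142]: Response from unexpected source ([192.0.2.53].53)
"""

# Assumed layout: "Mon DD HH:MM:SS host named[pid]: <message>"
ENTRY = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"named\[\d+\]:\s+Response from unexpected source "
    r"\(\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\.(?P<port>\d+)\)"
)

def summarize(log_text):
    """Group 'unexpected source' entries by the first three octets of the source."""
    nets = defaultdict(lambda: {"hits": 0, "sources": Counter(), "hours": set()})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # any other syslog line is ignored
        prefix = ".".join(m["ip"].split(".")[:3])
        entry = nets[prefix]
        entry["hits"] += 1
        entry["sources"][m["ip"]] += 1
        # Distinct clock hours show whether the entries are spread out or bunched.
        entry["hours"].add((m["mon"], int(m["day"]), int(m["hour"])))
    return dict(nets)

def report(log_text):
    """Return (prefix, hits, distinct sources, distinct hours), busiest prefix first."""
    ranked = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["hits"])
    return [(p, e["hits"], len(e["sources"]), len(e["hours"])) for p, e in ranked]

if __name__ == "__main__":
    for prefix, hits, sources, hours in report(SAMPLE_LOG):
        print(f"{prefix}  hits={hits}  sources={sources}  hours_seen={hours}")
```

Each prefix in the first column can then be handed to `whois` in the same way as `208.220.140` above.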