[NTLUG:Discuss] what is going on?

Jay Urish j at yourlinuxguru.com
Fri May 25 11:24:28 CDT 2001


Hey guys,
On two of my servers I have been getting this stuff coming through the log 
checker..

I know port 53 is the DNS port, and I suspect someone is trying to 
compromise BIND.

Here is a snip...

Any ideas?

----
Security Violations
=-=-=-=-=-=-=-=-=-=
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
209.249.97.40:26910 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.37.200.46:12515 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.35.167.58:62709 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.33.35.214:31892 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
63.209.147.246:47883 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.55.37.26:38798 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.220.39.42:16839 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
207.55.138.206:35411 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.14.200.154:12469 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=246 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
208.184.162.71:37904 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.34.68.2:50424 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.78.235.14:15254 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
62.23.80.2:18198 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=226 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
212.78.160.237:61467 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=229 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
62.26.119.34:32240 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.56.174.186:35938 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
212.23.225.98:32064 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=229 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
194.213.64.150:25993 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=235 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
202.139.133.129:57182 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
203.194.166.182:22584 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
203.208.128.70:43794 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=234 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6 
194.205.125.26:37377 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
209.249.97.40:26910 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.35.167.58:62709 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.37.200.46:12515 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
63.209.147.246:47883 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=247 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.55.37.26:38798 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.220.39.42:16839 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.33.35.214:31892 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
208.184.162.71:37904 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.14.200.154:12469 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=246 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
207.55.138.206:35411 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
216.34.68.2:50424 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
62.23.80.2:18198 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=226 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
64.78.235.14:15254 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
212.78.160.237:61467 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=229 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6 
62.26.119.34:32240 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#78)
----



Jay Urish
Your Linux Guru.
Sendmail/Bind/Apache/DHCPD/IPchains/Samba expertise all in one place!
www.yourlinuxguru.com
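
One way to triage a burst like the one in the post, as an added example that is not part of the original message: it rejoins the mail-wrapped ipchains entries, parses their fields, and reports how many distinct sources hit which destination and which source address/port pairs show up more than once. The function names and the regular expression are this example's own; the four sample entries are copied from the log in the post.

```python
import re
from collections import defaultdict

# ipchains "-l" entry: chain, action, interface, IP protocol number, src:port,
# dst:port, L=IP total length, S=TOS, I=IP ID, F=fragment field, T=TTL, (#rule)
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\sPacket log:\s"
    r"(?P<chain>\S+)\s(?P<action>\S+)\s(?P<iface>\S+)\sPROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
    r"L=(?P<len>\d+)\sS=(?P<tos>0x[0-9A-Fa-f]+)\sI=(?P<id>\d+)\s"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\sT=(?P<ttl>\d+)(?:\s(?P<syn>SYN))?\s\(#(?P<rule>\d+)\)"
)

def unwrap(text):
    """Rejoin entries that a mail client wrapped right after 'PROTO=n'."""
    return re.sub(r"(PROTO=\d+)\s*\n\s*", r"\1 ", text).splitlines()

def summarize(text):
    """Group entries by flow and report sources, targets and repeated flows."""
    flows = defaultdict(list)  # (src, sport, dst, dport, proto) -> timestamps
    for line in unwrap(text):
        m = LOG_RE.match(line.strip())
        if m:
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["proto"]))
            flows[key].append(m["ts"])
    return {
        "entries": sum(len(v) for v in flows.values()),
        "sources": len({k[0] for k in flows}),
        "targets": sorted({(k[2], k[3], k[4]) for k in flows}),
        # same source address AND source port seen again: the same packet re-sent
        "repeated_flows": sorted(k[:2] for k, v in flows.items() if len(v) > 1),
    }

# Four entries copied from the post, wrapped the way the mail wrapped them.
SAMPLE = """\
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6
209.249.97.40:26910 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6
62.23.80.2:18198 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=226 (#78)
May 23 05:04:24 ns kernel: Packet log: input DENY eth0 PROTO=6
194.205.125.26:37377 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#78)
May 23 05:04:26 ns kernel: Packet log: input DENY eth0 PROTO=6
209.249.97.40:26910 65.67.99.225:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#78)
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```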



