Security Incidents mailing list archives
DNS unapproved AXFR
From: Andrea Vettori <av () TSERVICETLC NET>
Date: Mon, 21 Aug 2000 09:36:58 +0200
Hi, today I've noticed these lines in the logs (the ns allows transfer only between the master and the slaves) : Aug 19 16:55:31 ns named[9119]: unapproved AXFR from [140.233.20.99].1423 for "euromacchine.it" (acl) Aug 19 16:56:30 ns named[9119]: unapproved AXFR from [140.233.20.99].1503 for "euromacchine.it" (acl) Aug 19 23:32:04 ns named[9119]: unapproved AXFR from [203.75.204.245].1580 for "simatengineering.it" (acl) Aug 19 23:59:57 ns named[9119]: unapproved AXFR from [140.233.20.99].1460 for "plas.it" (acl) Aug 20 00:51:10 ns named[9119]: unapproved AXFR from [140.233.20.99].4574 for "niceforyou.it" (acl) Can these prelude an attack on our primary DNS server ? And why the AXFR on that domains and not on the other (.it, .com and .net) the server contains ? P.S. We receive one scan a day on the usual ports (IMAP, POP2, >1024, ecc.). Today someone has scan our servers for port 98 which iana port numbers says it is bind to tacnews (that i don't know what is it). Thank you -- Ing. Andrea Vettori Inetronics An Internet Centric Company
Current thread:
- DNS unapproved AXFR Andrea Vettori (Aug 21)
- Re: DNS unapproved AXFR Dan Hollis (Aug 21)
- Re: DNS unapproved AXFR Chris Keladis (Aug 21)
- Re: DNS unapproved AXFR Bjorn Djupvik (Aug 22)
- Re: DNS unapproved AXFR Ian Eure (Aug 22)