Security Incidents mailing list archives
R: DNS unapproved AXFR
From: Andrea Vettori <av () TSERVICETLC NET>
Date: Wed, 23 Aug 2000 08:55:59 +0200
Hi all, thank you for the aswers... I've one more question: How can these AXFR be caused by misconfigured name servers ? For what I know about DNS the zone one system is authoritative for must be coded in the named.conf file. Thanks -- Ing. Andrea Vettori Inetronics An Internet Centric Company
-----Messaggio originale----- Da: Andrea Vettori [mailto:av () TSERVICETLC NET] Inviato: lunedì 21 agosto 2000 9.37 A: INCIDENTS () SECURITYFOCUS COM Oggetto: DNS unapproved AXFR Hi, today I've noticed these lines in the logs (the ns allows transfer only between the master and the slaves) : Aug 19 16:55:31 ns named[9119]: unapproved AXFR from [140.233.20.99].1423 for "euromacchine.it" (acl) Aug 19 16:56:30 ns named[9119]: unapproved AXFR from [140.233.20.99].1503 for "euromacchine.it" (acl) Aug 19 23:32:04 ns named[9119]: unapproved AXFR from [203.75.204.245].1580 for "simatengineering.it" (acl) Aug 19 23:59:57 ns named[9119]: unapproved AXFR from [140.233.20.99].1460 for "plas.it" (acl) Aug 20 00:51:10 ns named[9119]: unapproved AXFR from [140.233.20.99].4574 for "niceforyou.it" (acl) Can these prelude an attack on our primary DNS server ? And why the AXFR on that domains and not on the other (.it, .com and .net) the server contains ? P.S. We receive one scan a day on the usual ports (IMAP, POP2,1024, ecc.).Today someone has scan our servers for port 98 which iana port numbers says it is bind to tacnews (that i don't know what is it). Thank you -- Ing. Andrea Vettori Inetronics An Internet Centric Company
Current thread:
- R: DNS unapproved AXFR Andrea Vettori (Aug 23)
- Re: R: DNS unapproved AXFR Ian Eure (Aug 23)