[Dshield] Any ideas?

Chris Carboni ccarboni at azerty.com
Fri Oct 12 20:40:44 GMT 2001


Yesterday one of our firewalls stopped responding instantly at about 9:35 am
Eastern.  It was rebooted and when the log was analyzed there were thousands
of entries like this ...


245503: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3534 at 7f000001 lo0
245504: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3535 at 7f000001 lo0
245505: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3536 at 7f000001 lo0
245506: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3549 at 7f000001 lo0
245507: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3560 at 7f000001 lo0
245508: Oct 11	09:38:52 (our firewall name here) kernel:	UDP refused
53 at 7f000001 -> 3561 at 7f000001 lo0

Is this consistent with the signature of known BIND attacks?

If not, does anyone have any idea what this is?

Thanks!




More information about the list mailing list