[Dshield] Any ideas?

Pim Kennis pim at inetnow.net
Sun Oct 14 17:07:23 GMT 2001


Looks like some kind of misconfiguration is causing this.
Source is always 127.0.0.1 (Hex 7f000001) port 53 and Destination is
127.0.0.1 as well.

Pim
----- Original Message -----
From: "Chris Carboni" <ccarboni at azerty.com>
To: <dshield at dshield.org>
Sent: Friday, October 12, 2001 4:40 PM
Subject: [Dshield] Any ideas?


> Yesterday one of our firewalls stopped responding instantly at about 9:35
am
> Eastern.  It was rebooted and when the log was analyzed there were
thousands
> of entries like this ...
>
>
> 245503: Oct 11 09:38:51 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3534 at 7f000001 lo0
> 245504: Oct 11 09:38:51 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3535 at 7f000001 lo0
> 245505: Oct 11 09:38:51 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3536 at 7f000001 lo0
> 245506: Oct 11 09:38:51 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3549 at 7f000001 lo0
> 245507: Oct 11 09:38:51 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3560 at 7f000001 lo0
> 245508: Oct 11 09:38:52 (our firewall name here) kernel: UDP refused
> 53 at 7f000001 -> 3561 at 7f000001 lo0
>
> Is this consistent with the signature of known BIND attacks?
>
> If not, does anyone have any idea what this is?
>
> Thanks!
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list