RE: Bind: unapproved query (version.bind) Script kiddies?
From: Jason DiCioccio (Jason.DiCioccio@Epylon.com)
Date: 01/30/01
From: Jason DiCioccio <Jason.DiCioccio@Epylon.com>
To: 'David La Croix' <dlacroix@cowpie.acm.vt.edu>, freebsd-security@freebsd.org
Date: Tue, 30 Jan 2001 14:52:00 -0800
I would say it definitely is ;)
-------
Jason DiCioccio
Evil Genius
Unix BOFH
mailto:jasond@epylon.com
415-593-2761 Direct & Fax
415-593-2900 Main
Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com
BSD is for people who love Unix -
Linux is for people who hate Microsoft
-----Original Message-----
From: David La Croix [mailto:dlacroix@cowpie.acm.vt.edu]
Sent: Tuesday, January 30, 2001 2:45 PM
To: freebsd-security@freebsd.org
Subject: Bind: unapproved query (version.bind) Script kiddies?
I just noticed the following in my logfiles: (/var/log/messages)
it was running Bind 8.2.2-
Jan 26 22:37:43 mildred named[41908]: unapproved query from [208.44.147.11].1584 for "version.bind"
[repeat 23 more times from the same IP]
Jan 27 01:44:42 mildred named[41908]: unapproved query from [208.139.163.15].2734 for "version.bind"
[repeat 32 more times from the same IP]
Could this be script kiddie activity? This was before I upgraded to 8.2.3, and before the CERT alert came out.
What I don't get is why the unapproved query repeated so many times, within (according to the timestamp) 3 seconds on both occasions.
I will note: this activity goes back through about November of 2000, seemingly from different IP addresses.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
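An added example, not part of the original thread: a Python parser for the "unapproved query" syslog format quoted above that flags sources sending a burst of version.bind queries. The sample lines, the host name ns1, the documentation-range addresses and the burst thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# BIND 8 syslog line, in the shape quoted in the message above:
# <Mon DD HH:MM:SS> <host> named[<pid>]: unapproved query from [<ip>].<port> for "<name>"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: '
    r'unapproved query from \[(?P<ip>[0-9.]+)\]\.\d+ for "(?P<name>[^"]+)"$'
)

def find_version_probes(lines, year, min_hits=5, window=timedelta(seconds=10)):
    """Map source IP -> (total version.bind queries, peak count in one window)
    for sources whose peak reaches min_hits. Thresholds are assumptions."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["name"].lower() != "version.bind":
            continue
        # syslog timestamps carry no year, so the caller supplies it
        seen[m["ip"]].append(
            datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_hits:
            flagged[ip] = (len(stamps), peak)
    return flagged

# Constructed sample input: one 3-second burst, one slow source, one other name.
SAMPLE = [
    f'Jan 26 22:37:{43 + i % 3} ns1 named[41908]: unapproved query from '
    f'[192.0.2.11].{1584 + i} for "version.bind"' for i in range(6)
] + [
    'Jan 27 01:44:42 ns1 named[41908]: unapproved query from [198.51.100.7].2734 for "version.bind"',
    'Jan 27 03:10:05 ns1 named[41908]: unapproved query from [198.51.100.7].2735 for "version.bind"',
    'Jan 27 04:00:00 ns1 named[41908]: unapproved query from [203.0.113.5].53 for "www.example.com"',
]

if __name__ == "__main__":
    for ip, (total, peak) in find_version_probes(SAMPLE, year=2001).items():
        print(f"{ip}: {total} version.bind queries, peak {peak} in one window")
```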