
[cobalt-users] Unapproved "approved zone transfer"



Hi, all...

I found this little goody mailed to me this morning by LogCheck:

Mar  3 03:48:21 adan named[443]: approved AXFR from [198.163.115.99].4230 for "informa.org.gt"
Mar  3 03:48:21 adan named[443]: zone transfer (AXFR) of "informa.org.gt" (IN) to [198.163.115.99].4230

The curious thing is:

* I don't use this domain (all traffic is pointed to the .com)
* Everything in named.conf says "allow-update from none"
* I don't see anything else in the logs from this IP
* I don't even know anyone in Canada
* Why the hell would mudpuppy.armchair.mb.ca want my zone file?

I'd treat it as a hack attempt, but there doesn't seem to be a point.
Can anyone offer any comments?

P.S. Logcheck is my friend. ipchains is about to be my friend.
PortSentry will be my friend by tomorrow, as soon as ipchains is active.
These things help me sleep better at night. Happy Rodolfo.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
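
An added example, not part of the original post: a Python check that parses BIND "approved AXFR" syslog lines in the format quoted above and reports transfers to any host outside a list of expected secondaries. The allow-list, the function names and the last two sample lines are assumptions constructed for illustration; in BIND, outbound zone transfers are restricted with allow-transfer, while allow-update governs dynamic updates.

```python
import ipaddress
import re

# BIND 8 "approved AXFR" syslog line, in the format quoted in the post.
AXFR_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s'
    r'approved AXFR from \[(?P<ip>[^\]]+)\]\.(?P<port>\d+) for "(?P<zone>[^"]+)"'
)

# Assumption: the only host expected to pull zones (constructed, RFC 5737 address).
EXPECTED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

# First two lines are from the post, unwrapped; the last two are constructed.
SAMPLE_LOG = '''\
Mar  3 03:48:21 adan named[443]: approved AXFR from [198.163.115.99].4230 for "informa.org.gt"
Mar  3 03:48:21 adan named[443]: zone transfer (AXFR) of "informa.org.gt" (IN) to [198.163.115.99].4230
Mar  3 04:00:02 adan named[443]: approved AXFR from [192.0.2.53].1031 for "example.com"
Mar  3 04:00:05 adan named[443]: approved AXFR from [not-an-ip].1031 for "example.com"
'''


def parse_axfr(line):
    """Return ts/host/ip/port/zone for an 'approved AXFR' line, else None."""
    m = AXFR_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event


def is_expected(ip_text, allowed):
    """True only if ip_text parses as an address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: treat as unexpected
    return any(addr in net for net in allowed)


def find_unexpected_transfers(log_text, allowed=EXPECTED_SECONDARIES):
    """List approved transfers whose client is not an expected secondary."""
    events = (parse_axfr(line) for line in log_text.splitlines())
    return [e for e in events if e and not is_expected(e["ip"], allowed)]


if __name__ == "__main__":
    for e in find_unexpected_transfers(SAMPLE_LOG):
        print(f'{e["ts"]} {e["host"]}: {e["zone"]} -> {e["ip"]}:{e["port"]}')
```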