[cobalt-users] stream_getlen entry in log - question
- Subject: [cobalt-users] stream_getlen entry in log - question
- From: Diana Brake <diana@xxxxxxxxxxxxx>
- Date: Fri Apr 20 03:32:13 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi all,
I found this in my log today:
Apr 20 09:51:40 myserver named[5785]: stream_getlen([0.252.255.127].0): Connection timed out
Apr 20 09:51:40 myserver named[5785]: stream_getlen([208.252.255.127].43393): Connection timed out
After some research, I found that this is possibly the
footprint..(toeprint..:) of a would-be intruder. Doing a search on
Google.com with stream_getlen as the term provides tons of info.
But my question is this: does anyone know what kind of information the
server gives out even when it has rejected the request (connection times
out)? Another way...what does someone gain by doing this?
The curious thing in all the info I found was that this little "poke" is
often _not_ logged at all so I'm doubly curious now that I've seen it. As
an aside, I was also poked in port 7 this morning..which is also a first
for me. That IP was different than either of the two above. And, the two
above appear to be invalid (spoofed?) anyway.
Below is a short bit of info I found about what stream_getlen means when
BIND speaks it.
stream_getlen([132.174.41.201].49354): Connection timed out
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
stream_getlen([207.82.61.10].2200): request too small
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server received a query whose TCP header indicated
that the query was smaller than the smallest possible DNS query.
Consequently, your name server rejected it.
Crest Communications, Inc. diana@xxxxxxxxxxxxx
Beautiful Sunny Florida http://crestcommunications.com/
352-495-9359, 425-732-9785 fax
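
One way to pull stream_getlen entries out of a syslog file and note oddities in the peer address, as an added example that is not part of the original post. The sample lines are constructed from the entries quoted in the message, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the syslog/named format quoted in the post.
SAMPLE_LOG = """\
Apr 20 09:51:40 myserver named[5785]: stream_getlen([0.252.255.127].0): Connection timed out
Apr 20 09:51:40 myserver named[5785]: stream_getlen([208.252.255.127].43393): Connection timed out
Apr 20 09:52:01 myserver named[5785]: stream_getlen([207.82.61.10].2200): request too small
Apr 20 09:52:05 myserver sshd[611]: unrelated line that must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"stream_getlen\(\[(?P<ip>[^\]]+)\]\.(?P<port>\d+)\):\s(?P<reason>.+)$"
)

def parse_stream_getlen(log_text):
    """Return one dict per stream_getlen entry, with notes on the peer address."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a named stream_getlen line
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        notes = []
        try:
            addr = ipaddress.ip_address(ev["ip"])
            if not addr.is_global:
                notes.append("source address is not globally routable")
        except ValueError:
            notes.append("source address does not parse")
        if ev["port"] == 0:
            notes.append("source port 0")
        ev["notes"] = notes
        events.append(ev)
    return events

def summarize(events):
    """Count entries per (source IP, reason) so repeated pokes stand out."""
    return Counter((ev["ip"], ev["reason"]) for ev in events)

if __name__ == "__main__":
    for ev in parse_stream_getlen(SAMPLE_LOG):
        print(ev["ts"], ev["ip"], ev["port"], ev["reason"], ev["notes"])
```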