Re: checking security logs

To: debian-security@lists.debian.org
Subject: Re: checking security logs
From: jakemsr <jakemsr@clipper.net>
Date: Wed, 24 Jan 2001 05:53:23 +0000
Message-id: <[🔎] 20010124055323.A3680@funk.my.dom>
In-reply-to: <[🔎] 20010123200259.A10495@gandalf.hafd.org>; from jordanb@hafd.org on Tue, Jan 23, 2001 at 08:02:59PM -0600
References: <l03130301b692e85f727f@[172.16.1.4]> <[🔎] 20010123090130.B9385@davidduffey.com> <[🔎] 87k87me0vt.fsf@winter.inter-i.uni-mainz.de> <[🔎] 20010123114528.0be27e6a.gordzilla@linuxfan.com> <[🔎] 20010123200259.A10495@gandalf.hafd.org>

On Tue, Jan 23, 2001 at 08:02:59PM -0600, Jordan Bettis wrote:

> yet another trying DNS (comming from another dns server, hrmm)
> 
> Jan 23 03:43:00 marvin kernel: Packet log: input DENY eth1 PROTO=6 148.235.3.71:53 24.14.189.245:53 L=40 S=0x00 I=39426 F=0x0000 T=27 SYN (#10)

Is it not normal for nameservers to "talk" to each other?
Or are nameservers only supposed to "talk" to their listed forwarders? 
What about [A-M].ROOT-SERVERS.NET?
I am currently allowing all otherwise reasonable tcp connections 
with my nameserver (by IP) as the destination in and out at port 53.
Is that risky, or is that helping resolvers get my IP quicker?  
Or both?  Or neither?

.sig

Reply to:

Follow-Ups:
- Re: checking security logs
  - From: "Matthew Sherborne" <Matthews@softtech.co.nz>

References:
- checking security logs
  - From: John Reinke <jmreinke@ukans.edu>
- Re: checking security logs
  - From: David Duffey <email@davidduffey.com>
- Re: checking security logs
  - From: Rainer Weikusat <weikusat@mail.uni-mainz.de>
- Re: checking security logs
  - From: Gord Mc.Pherson <gordzilla@linuxfan.com>
- Re: checking security logs
  - From: Jordan Bettis <jordanb@hafd.org>

Prev by Date: Re: Strange logs for connection
Next by Date: Re: checking security logs
Previous by thread: Re: checking security logs
Next by thread: Re: checking security logs
Index(es):
- Date
- Thread