Re: TCP domain connection

To: debian-user <debian-user@lists.debian.org>
Subject: Re: TCP domain connection
From: Steve Zinck <sz@nerd.halifax.ns.ca>
Date: Sat, 3 Jun 2000 21:29:28 -0300
Message-id: <[🔎] 20000603212928.A29226@nerd.halifax.ns.ca>
In-reply-to: <[🔎] 14649.30982.457362.442376@cmb1-3.dial-up.arnes.si>; from igor.mozetic@uni-mb.si on Sat, Jun 03, 2000 at 11:30:46PM +0200
References: <[🔎] 14649.30982.457362.442376@cmb1-3.dial-up.arnes.si>

It's probably nothing to worry about.  But if they're zone transfers, 
you can prevent that (BIND 8.x syntax ...) with allow-transfer in your 
named.conf.  ie:

zone "domain.com" {
	allow-transfer { 123.456.7.8; };
};

Also, if you're worried about BIND security, you might want to look into 
running it under chroot.  I believe SecurityFocus and linux.com have 
good tutorials.

Steve

On Sat, Jun 03, 2000 at 11:30:46PM +0200, Igor Mozetic wrote:
> 
> I'm observing TCP connections to port 53 (domain) to our
> (secondary) name server from unknown locations.
> ippl.log looks like:
> 
> Jun  3 21:51:59 domain connection attempt from  [x.x.x.x]
>      (x.x.x.x:3302->y.y.y.y:53)
> 
> As far as I understand, these are not DNS queries since they
> are UDP. Is this a break-in attemtp, should I ignore it, how
> to prevent it (TCP wrappers don't work here) ... ?

> 
> -Igor Mozetic
> 
> 

-- 
Steve Zinck <sz@nerd.halifax.ns.ca>
http://nerd.halifax.ns.ca

Reply to:

References:
- TCP domain connection
  - From: Igor Mozetic <igor.mozetic@uni-mb.si>

Prev by Date: Re: yahoo messenger
Next by Date: Video problems during 2.2 install
Previous by thread: Re: TCP domain connection
Next by thread: Re: TCP domain connection
Index(es):
- Date
- Thread