[BlueOnyx:11614] Logwatch question
Barry Mishkind
barry at oldradio.com
Fri Oct 26 10:01:00 -05 2012
Until about two weeks ago, my logwatch file was usually about
10 to 20 kB. Since then it has been between one and two MEGABYTES,
with a lot of recurring entries like these:
connection refused resolving 'sns.vloto.net/A/IN': 46.233.0.6#53: 1 Time(s)
connection refused resolving 'sns.vloto.net/AAAA/IN': 46.233.0.6#53: 1 Time(s)
connection refused resolving 'wvdj.org/A/IN': 70.32.40.43#53: 2 Time(s)
host unreachable resolving '102.106.125.111.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
host unreachable resolving '147.96.4.210.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
host unreachable resolving '159.18.225.24.in-addr.arpa/PTR/IN': 24.225.0.1#53: 1 Time(s)
network unreachable resolving '0.216.195.117.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
network unreachable resolving '0.65.205.117.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
network unreachable resolving '0.74.140.120.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
network unreachable resolving '0.97.89.2.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)
network unreachable resolving '0.ns.spamhaus.org/A/IN': 2001:630:1:106::6#53: 1 Time(s)
It was suggested to me that this may show someone was trying to use my server for a DDoS attack on someone else. The list of URLs involved is stunning.
Perhaps someone has a suggestion on what to do?
thanks!
barry
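
A triage sketch for the question above, added here and not part of the original post or of logwatch/BlueOnyx: it tallies entries of the quoted format by failure type, query type and upstream address family, and recovers the addresses behind the PTR lookups. The line pattern is inferred from the excerpt in the post, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Sample input: a subset of the logwatch lines quoted in the post.
SAMPLE = """\
connection refused resolving 'sns.vloto.net/A/IN': 46.233.0.6#53: 1 Time(s)
connection refused resolving 'wvdj.org/A/IN': 70.32.40.43#53: 2 Time(s)
host unreachable resolving '102.106.125.111.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
host unreachable resolving '147.96.4.210.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
network unreachable resolving '0.216.195.117.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
network unreachable resolving '0.97.89.2.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)
network unreachable resolving '0.ns.spamhaus.org/A/IN': 2001:630:1:106::6#53: 1 Time(s)
"""

# Assumed shape: <error> resolving '<name>/<type>/<class>': <server>#<port>: <n> Time(s)
LINE = re.compile(
    r"^(?P<err>[a-z ]+?) resolving '(?P<name>[^/']+)/(?P<qtype>[A-Z0-9]+)/[A-Z]+': "
    r"(?P<server>[0-9A-Fa-f:.]+)#\d+: (?P<count>\d+) Time\(s\)$"
)

def ptr_to_ip(name):
    """Return the IPv4 address a full in-addr.arpa name refers to, else None."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    try:
        return str(ip_address(".".join(reversed(name[: -len(suffix)].split(".")))))
    except ValueError:
        return None  # partial or malformed reverse name

def summarize(text):
    """Weight every tally by the 'N Time(s)' count logwatch already aggregated."""
    out = {"error": Counter(), "qtype": Counter(), "family": Counter(),
           "server": Counter(), "reverse_ips": set(), "unparsed": 0}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(line)
        if not m:
            out["unparsed"] += 1
            continue
        n = int(m["count"])
        out["error"][m["err"]] += n
        out["qtype"][m["qtype"]] += n
        out["family"][m["err"], ip_address(m["server"]).version] += n
        out["server"][m["server"]] += n
        out["reverse_ips"].add(ptr_to_ip(m["name"]))
    out["reverse_ips"].discard(None)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample, every "network unreachable" entry involves an IPv6 upstream address, while the "connection refused" and "host unreachable" entries are all IPv4; the `reverse_ips` set lists the hosts whose names the server was trying to look up.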