[BlueOnyx:11616] Re: Logwatch question
Gerald Waugh
gwaugh at frontstreetnetworks.com
Fri Oct 26 11:41:05 -05 2012
On 10/26/2012 10:01 AM, Barry Mishkind wrote:
> Until about two weeks ago, my logwatch file was usually about
> 10 to 20 kB. Since then it has been between one and two MEGABYTES,
> with a lot of recurring entries like these:
>
> connection refused resolving 'sns.vloto.net/A/IN': 46.233.0.6#53: 1 Time(s)
> connection refused resolving 'sns.vloto.net/AAAA/IN': 46.233.0.6#53: 1 Time(s)
> connection refused resolving 'wvdj.org/A/IN': 70.32.40.43#53: 2 Time(s)
> host unreachable resolving '102.106.125.111.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
> host unreachable resolving '147.96.4.210.in-addr.arpa/PTR/IN': 202.69.191.8#53: 1 Time(s)
> host unreachable resolving '159.18.225.24.in-addr.arpa/PTR/IN': 24.225.0.1#53: 1 Time(s)
> network unreachable resolving '0.216.195.117.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
> network unreachable resolving '0.65.205.117.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
> network unreachable resolving '0.74.140.120.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53: 1 Time(s)
> network unreachable resolving '0.97.89.2.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)
> network unreachable resolving '0.ns.spamhaus.org/A/IN': 2001:630:1:106::6#53: 1 Time(s)
>
> It was suggested to me that this may show someone was trying to use my server for a DDOS attack on someone else. The list of URLS involved is stunning.
>
> Perhaps someone has a suggestion on what to do?
>
>
Not sure this is the best answer, But here is our solution
if your ISP provides nameservers, then only allow your nameservers to
respond for queries for domains it is responsible for.
Make sure your server is setup to use your isp nameservers, in System
Management -> TCP/IP
In /etc/maned.conf
options {
recursion no;
};
then restart named
YMMV
--
Gerald
More information about the Blueonyx
mailing list