According to scandetd, the following was reported:

dns4.dion.ne.jp 210.172.64.112
I've counted 53 connections. First connection was made to 3619 port at Tue Nov 13 15:05:43 2001 Last connection was made to 3619 port at Tue Nov 13 15:09:01 2001
I've counted 44 connections. First connection was made to 3867 port at Tue Nov 13 17:17:23 2001 Last connection was made to 3867 port at Tue Nov 13 17:19:28 2001
I've counted 40 connections. First connection was made to 4092 port at Tue Nov 13 17:58:06 2001 Last connection was made to 4094 port at Tue Nov 13 17:58:39 2001
I've counted 43 connections. First connection was made to 2143 port at Wed Nov 14 14:33:54 2001 Last connection was made to 2149 port at Wed Nov 14 14:36:08 2001

dns1.dion.ne.jp 210.141.108.226
I've counted 46 connections. First connection was made to 3619 port at Tue Nov 13 15:05:43 2001 Last connection was made to 3619 port at Tue Nov 13 15:09:01 2001
Oh, even if you set query-source address * port 53 in named.conf, that only pins the source port to 53, so it wouldn't come in and access strange ports...
113 :Anonymous@I'm Full. :01/11/14 15:40
>>112 Does that have anything to do with BIND or DNS? Just because the access comes from dns*.dion.ne.jp doesn't necessarily mean it is DNS access, does it?
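Hmm. When I looked at the log of a mail server that I was not managing, there was a storm of unauthorized SMTP relay requests from DION... Which means it's highly likely that either those UDP requests were IP address spoofing, or DION's DNS was actually cracked.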
hoge.example.jp. IN A 192.168.12.34
34.12.168.192.in-addr.arpa. IN PTR 34.12.168.192.in-addr.arpa.
34.12.168.192.in-addr.arpa. IN A 34.12.168.192.in-addr.arpa.
>>200 "If you are running a version of BIND prior to version 8.2.5, we recommend you upgrade for security reasons." Huh... When on earth are BIND's security holes ever going to get plugged...