[CentOS] Whats with named?

Tue Dec 6 17:04:27 UTC 2005
Sam Drinkard <sam at wa4phy.net>

Jim Perrin wrote:

>On 12/6/05, Sam Drinkard <sam at wa4phy.net> wrote:
>
>>Found this entry in the log this morning.  Never have seen such
>>before.......
>>
>> --------------------- Named Begin ------------------------
>>
>>
>>**Unmatched Entries**
>>   dispatch 0x8ea6e48: shutting down due to TCP receive error: connection reset: 1 Time(s)
>>
>> ---------------------- Named End -------------------------
>>
>>--
>>Snowman
>>
>
>As I understand it, this is caused by named being fed bad packets,
>either by some form of automated attack, or a crappy DNS server that
>named queried on its way to find out what you asked it for. Depending
>on the verbosity of the named logs you keep, you could grep this out,
>and look at the queries near it to see if there's a particular cause.
>Or it may not be worth it to you.
>
>--
>Jim Perrin
>System Architect - UIT
>Ft Gordon & US Army Signal Center
>
Thanks Jim.  I'd never ever seen anything happen to named, on BSD or 
Linux before.  As for logs, what level of logging is "stock" is what I 
would expect doing a dump.  May give that a shot and see what, if 
anything, is in there.
Not really been plagued by hackers too much, but I notice I've been 
probed several days in a row now from something/body in the same /16 IP 
block.  Don't think it's local to the colocation site tho.



-- 
Snowman
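
The log search suggested in the thread, as an added example that is not part of either poster's message: it finds each `dispatch ... TCP receive error` line, collects the queries logged within a few seconds of it, and goes one step further by counting those clients per /16. It assumes query logging is enabled and that lines carry a BIND-style `DD-Mon-YYYY HH:MM:SS.mmm` timestamp; the sample log, the function names and the 10-second window are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample lines (assumed layout: timestamp, category, severity, message).
# Adjust the regexes below to match the channels your named.conf actually writes.
SAMPLE_LOG = """\
06-Dec-2005 04:11:58.101 queries: info: client 192.0.2.10#32771: query: www.example.com IN A +
06-Dec-2005 04:12:01.480 queries: info: client 198.51.100.7#1042: query: example.net IN MX +
06-Dec-2005 04:12:02.015 queries: info: client 198.51.100.9#1043: query: example.net IN AXFR -
06-Dec-2005 04:12:02.733 dispatch: error: dispatch 0x8ea6e48: shutting down due to TCP receive error: connection reset
06-Dec-2005 04:30:00.000 queries: info: client 192.0.2.10#32790: query: www.example.org IN A +
"""

LINE = re.compile(r"^(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ (.*)$")
ERROR = re.compile(r"dispatch 0x[0-9a-f]+: shutting down due to TCP receive error")
QUERY = re.compile(r"client (\d+\.\d+\.\d+\.\d+)#\d+: query: (\S+) IN (\S+)")

def queries_near_errors(log_text, window_seconds=10):
    """Return [(error_time, [(client_ip, qname, qtype), ...])] per dispatch error."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:  # lines without a recognizable timestamp are skipped
            events.append((datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S"), m.group(2)))
    window = timedelta(seconds=window_seconds)
    results = []
    for when, text in events:
        if not ERROR.search(text):
            continue
        nearby = []
        for t, other in events:
            q = QUERY.search(other)
            if q and abs(t - when) <= window:
                nearby.append(q.groups())
        results.append((when, nearby))
    return results

def clients_by_slash16(results):
    """Count nearby query clients per /16 so a recurring source block stands out."""
    counts = Counter()
    for _, nearby in results:
        for ip, _, _ in nearby:
            counts[str(ip_network(ip + "/16", strict=False))] += 1
    return counts

if __name__ == "__main__":
    print(clients_by_slash16(queries_near_errors(SAMPLE_LOG)))
```

A query that happens to sit next to the error is only a lead for further inspection; the reset may equally come from an upstream server that named contacted itself.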