 |  |
Each message indicates that the host in question (IP address given in
Re: OK, what does this mean?
From: Men & Mice Support
Date: Wednesday, April 16, 2003
Time: 9:07:09 am
square brackets) tried to use the dynamic update mechanism to alter
your DNS data. It could indicate some sort of attack attempt. If your
zones aren't dynamic, you don't need to worry about your data being
compromised.
QuickDNS 4.5 introduced support for dynamic zones. To see if a zone
is set to be dynamic, open the zone options, then look near the
bottom of the window; there are a pair of radio buttons for static vs
dynamic.
Note that Windows workstations, by default, send dynamic update
messages to their local DNS server. So this could be what you're
seeing - it could be entirely innocent.
To filter these messages out of the log, set the severity level to
something higher than notice, such as warning.
____________________________________________________________________
Chris Buxton Men & Mice
support@menandmice.com Making DNS Easy
At 9:58 AM -0500 4/16/03, David Schaefer wrote:
>We run things pretty simply, all default settings, etc... In my
>server log I noticed this:
>
>15-Apr-2003 16:03:36.087 security: notice: denied update from
>[198.173.0.107].4318 for "bma-associates.com" IN
>15-Apr-2003 16:03:53.868 security: notice: denied update from
>[63.122.252.253].4988 for "omnibusadvertising.com" IN
>15-Apr-2003 16:07:26.903 security: notice: denied update from
>[63.122.252.253].1082 for "omnibusadvertising.com" IN
>15-Apr-2003 16:07:53.651 security: notice: denied update from
>[63.122.252.253].1096 for "omnibusadvertising.com" IN
>15-Apr-2003 16:08:36.240 security: notice: denied update from
>[198.173.0.107].4278 for "bma-associates.com" IN
>15-Apr-2003 16:12:12.348 security: notice: denied update from
>[63.122.252.253].1165 for "omnibusadvertising.com" IN
>15-Apr-2003 16:12:37.913 security: notice: denied update from
>[63.122.252.253].1175 for "omnibusadvertising.com" IN
>15-Apr-2003 16:17:42.351 security: notice: denied update from
>[63.122.252.253].1250 for "omnibusadvertising.com" IN
>15-Apr-2003 16:18:08.094 security: notice: denied update from
>[63.122.252.253].1260 for "omnibusadvertising.com" IN
>15-Apr-2003 16:18:36.423 security: notice: denied update from
>[198.173.0.107].4378 for "bma-associates.com" IN
>15-Apr-2003 16:22:42.888 security: notice: denied update from
>[63.122.252.253].1327 for "omnibusadvertising.com" IN
>15-Apr-2003 16:23:35.557 security: notice: denied update from
>[63.122.252.253].1344 for "omnibusadvertising.com" IN
>15-Apr-2003 16:27:10.199 security: notice: denied update from
>[63.122.252.253].1402 for "omnibusadvertising.com" IN
>15-Apr-2003 16:27:19.326 security: notice: denied update from
>[63.122.252.253].1410 for "omnibusadvertising.com" IN
>15-Apr-2003 16:30:59.700 security: notice: denied update from
>[129.37.160.87].1207 for "dastuart.com" IN
>15-Apr-2003 16:32:03.399 security: notice: denied update from
>[63.122.252.253].1479 for "omnibusadvertising.com" IN
>15-Apr-2003 16:33:16.887 security: notice: denied update from
>[63.122.252.253].1499 for "omnibusadvertising.com" IN
>15-Apr-2003 16:37:40.302 security: notice: denied update from
>[63.122.252.253].1563 for "omnibusadvertising.com" IN
>15-Apr-2003 16:37:54.403 security: notice: denied update from
>[207.32.46.216].2195 for "bma-associates.com" IN
>15-Apr-2003 16:39:42.637 security: notice: denied update from
>[63.122.252.253].1600 for "omnibusadvertising.com" IN
>15-Apr-2003 16:45:27.698 security: notice: denied update from
>[63.122.252.253].1681 for "omnibusadvertising.com" IN
>15-Apr-2003 16:46:39.242 security: notice: denied update from
>[63.122.252.253].1702 for "omnibusadvertising.com" IN
>15-Apr-2003 16:51:30.110 security: notice: denied update from
>[63.122.252.253].1772 for "omnibusadvertising.com" IN
>15-Apr-2003 16:52:07.767 security: notice: denied update from
>[63.122.252.253].1786 for "omnibusadvertising.com" IN
>
>The OmniBus one fills the logs... We do have DNS records for these domains....
>
>Thanks.
Messages In This Thread:
Return to Digital Point Solutions' Home Page