I'm running bind 9.2.4-2 on a CentOS 4.0 server. The last week or so I've noticed some oddities in the logs. Here are some examples
Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb56f3f70: shutting down due to TCP receive error: connection reset Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb5b3ef18: shutting down due to TCP receive error: connection reset Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb5b3ef18: shutting down due to TCP receive error: connection reset Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb56f3f70: shutting down due to TCP receive error: connection reset
The frequency of this fluctuates considerably, between 2 and 200 times a day. I'm concerned that someone may be utilizing an exploit that hasn't been released/announced to the public. Can anyone help explain what I'm seeing here? I've dug through the dispatch source, but I don't speak c/c++ so its greek to me.
Matt
-- Got gmail? I do hahaha
-
crash3m