strange bind behavior
crash3m
crash3m at gmail.com
Wed Nov 2 09:26:21 CST 2005
I'm running bind 9.2.4-2 on a CentOS 4.0 server. The last week or so I've
noticed some oddities in the logs. Here are some examples
Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb56f3f70: shutting down due to
TCP receive error: connection reset
Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb5b3ef18: shutting down due to
TCP receive error: connection reset
Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb5b3ef18: shutting down due to
TCP receive error: connection reset
Oct 30 04:32:52 ns1 named[16917]: dispatch 0xb56f3f70: shutting down due to
TCP receive error: connection reset
The frequency of this fluctuates considerably, between 2 and 200 times a
day. I'm concerned that someone may be utilizing an exploit that hasn't been
released/announced to the public. Can anyone help explain what I'm seeing
here? I've dug through the dispatch source, but I don't speak c/c++ so
its greek to me.
Matt
--
Got gmail? I do hahaha
More information about the Kclug
mailing list