Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

My Bind server is.. attacking???

Discussion in 'Bind/DNS/Nameserver' started by cretu, Apr 21, 2005.

  1. cretu

    cretu Well-Known Member

    Jul 21, 2002
    Likes Received:
    Trophy Points:
    Hello there,
    I am having a heck of the problems on one of our servers. The "named" sits on the top and it seems like bandwidth is leaking pretty fast.

    The logs are showing hundreds of lines:

    " Apr 21 12:26:01 hydra kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=MY_SERVERS_IP DST=SOME_OTHER_VARIOUS_IPs LEN=150 TOS=0x00 PREC=0x00 TTL=64 ID=29567 DF PROTO=UDP SPT=53 DPT=193 LEN=130".

    I have checked for rootkits, etc and nothing shows up on the scanners. I've got APF installed as well.

    I appreciate help on this one. Perhaps, a company that could look into this server and perform security audit...

    Thank you.

  2. chirpy

    chirpy Well-Known Member Verifed Vendor

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    Considering the ports being used (SPT:53 DPT:193) you're either under a DOS attack on named, or have customers with poorly configured Windows PC's. Either way, have you blocked the DST IP addresses in question?
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice