LinuxQuestions.org
Old 08-06-2006, 11:42 PM   #1
inaki
Member
 
Registered: Mar 2005
Posts: 94

Rep: Reputation: 15
DDOS attack in BIND9


Based on the log below, I assume that my DNS server has been attacked using a DDoS attack. It is because the domains mysop.com.my and lingkup.com.my are not valid anymore. The only valid domain is gh.com.my. How do I check whether the DNS server is compromised or not? I've installed rkhunter and chkrootkit and found nothing.
Does anybody know of any threat to BIND9 from a DDoS attack?

11:29:10.730443 tilapia.domain > 202.103.44.165.32801: 51272*- 0/1/1 (102) (DF)
11:29:10.731382 202.103.44.165.32801 > tilapia.domain: 45674 [1au] AAAA? ns2.lingkup.com.my. OPT UDPsize=4096 (52) (DF)
11:29:10.731746 tilapia.domain > 202.103.44.165.32801: 45674*- 0/1/1 (106) (DF)
11:29:11.547598 nsc00.chi.us.siteprotect.com.29092 > tilapia.domain: 44845 A? moysop.com.my. (30) (DF)
11:29:11.547987 tilapia.domain > nsc00.chi.us.siteprotect.com.29092: 44845- 0/2/2 (111) (DF)
11:29:12.756106 phil-cns01.inflow.pa.bo.comcast.net.33616 > tilapia.domain: 53654 MX? lingkup.com.my. (37) (DF)
11:29:12.756400 tilapia.domain > phil-cns01.inflow.pa.bo.comcast.net.33616: 53654*- 0/1/0 (91) (DF)
11:29:14.557896 216.230.196.252.11085 > tilapia.domain: 9143 A? moysop.com.my. (30)
11:29:14.558319 tilapia.domain > 216.230.196.252.11085: 9143- 0/2/2 (111) (DF)
11:29:15.407060 202.188.0.161.39903 > tilapia.domain: 30885 A? smtp.gh.com.my. (33) (DF)
11:29:15.407374 tilapia.domain > 202.188.0.161.39903: 30885 NXDomain*- 0/1/0 (100) (DF)
 
Old 08-07-2006, 01:46 AM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117
Well, a DDoS attack is not usually to compromise systems, but to knock them offline. Is there a reason you think this was an attack? It looks fairly benign to me.
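
Added example, not part of either post: a short Python script that summarises the capture posted in this thread by counting inbound queries per source and per name and computing the query rate. The function names and the 100 queries-per-second threshold are assumptions chosen for illustration, not BIND or tcpdump settings.

```python
import re
from collections import Counter

# Capture from the thread, with the wrapped lines rejoined.
CAPTURE = """\
11:29:10.730443 tilapia.domain > 202.103.44.165.32801: 51272*- 0/1/1 (102) (DF)
11:29:10.731382 202.103.44.165.32801 > tilapia.domain: 45674 [1au] AAAA? ns2.lingkup.com.my. OPT UDPsize=4096 (52) (DF)
11:29:10.731746 tilapia.domain > 202.103.44.165.32801: 45674*- 0/1/1 (106) (DF)
11:29:11.547598 nsc00.chi.us.siteprotect.com.29092 > tilapia.domain: 44845 A? moysop.com.my. (30) (DF)
11:29:11.547987 tilapia.domain > nsc00.chi.us.siteprotect.com.29092: 44845- 0/2/2 (111) (DF)
11:29:12.756106 phil-cns01.inflow.pa.bo.comcast.net.33616 > tilapia.domain: 53654 MX? lingkup.com.my. (37) (DF)
11:29:12.756400 tilapia.domain > phil-cns01.inflow.pa.bo.comcast.net.33616: 53654*- 0/1/0 (91) (DF)
11:29:14.557896 216.230.196.252.11085 > tilapia.domain: 9143 A? moysop.com.my. (30)
11:29:14.558319 tilapia.domain > 216.230.196.252.11085: 9143- 0/2/2 (111) (DF)
11:29:15.407060 202.188.0.161.39903 > tilapia.domain: 30885 A? smtp.gh.com.my. (33) (DF)
11:29:15.407374 tilapia.domain > 202.188.0.161.39903: 30885 NXDomain*- 0/1/0 (100) (DF)
"""

# Query line: "<time> <src>.<port> > <server>.domain: <id> [opts] <TYPE>? <name>"
QUERY = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\S+)\.\d+ > \S+\.domain: "
                   r"\d+.*? ([A-Z]+)\? (\S+)")

def summarize(capture):
    """Count inbound queries per source and per (type, name), plus queries/second."""
    sources, names, times = Counter(), Counter(), []
    for line in capture.splitlines():
        m = QUERY.match(line)
        if not m:
            continue  # responses sent by the server do not match and are skipped
        hh, mm, ss, src, qtype, qname = m.groups()
        times.append(int(hh) * 3600 + int(mm) * 60 + float(ss))
        sources[src] += 1
        names[(qtype, qname.rstrip(".").lower())] += 1
    span = max(times) - min(times) if len(times) > 1 else 0.0
    qps = len(times) / span if span > 0 else float(len(times))
    return {"queries": len(times), "sources": sources, "names": names, "qps": qps}

def looks_like_flood(summary, qps_threshold=100.0):
    """Assumed heuristic: flag only when the query rate exceeds qps_threshold."""
    return summary["qps"] > qps_threshold

if __name__ == "__main__":
    s = summarize(CAPTURE)
    print(s["queries"], "queries from", len(s["sources"]), "sources,",
          round(s["qps"], 2), "qps; flood:", looks_like_flood(s))
```

On the posted capture this reports five queries from five different sources in under five seconds, roughly one query per second.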
 
  


All times are GMT -5. The time now is 02:57 PM.
