LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-17-2015, 07:45 PM   #1
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 2,096

Rep: Reputation: 273Reputation: 273Reputation: 273
zone transfer denied


Some hackers got through to our server with the 'viagra' virus recently. Inspecting the logs I have found hundreds of errors of this kind:
Quote:
Sep 13 12:23:20 ourdomain named[17503]: client 137.226.113.4#55178: view external: zone transfer 'ourdomain.org/AXFR/IN' denied
I guess they're trying to hijack our name server. They don't seem to have succeeded.
 
Old 09-18-2015, 10:15 AM   #2
dijetlo
Senior Member
 
Registered: Jan 2009
Location: RHELtopia....
Distribution: Solaris 11.2/Slackware/RHEL/
Posts: 1,491
Blog Entries: 2

Rep: Reputation: Disabled
It looks to me more like they've tried to exfiltrate your private DNS zones and failed due to a lack of rights.
I'd check the logs to see if any zone transfers did occur during exposure and if so, to whom.
 
Old 09-19-2015, 01:27 PM   #3
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 2,096

Original Poster
Rep: Reputation: 273Reputation: 273Reputation: 273
Quote:
Originally Posted by dijetlo View Post
It looks to me more like they've tried to exfiltrate your private DNS zones
I think that's what I meant when I wrote 'hijack' - or do I misunderstand?

Quote:
Originally Posted by dijetlo View Post
I'd check the logs to see if any zone transfers did occur during exposure and if so, to whom.
I see nothing but failures, but they've tried hundreds of times, apparently from different IPs. I checked out a few of them; 1 was from the University of Aachen, which, I hope, they've either spoofed or hijacked.
 
Old 09-22-2015, 08:53 AM   #4
dijetlo
Senior Member
 
Registered: Jan 2009
Location: RHELtopia....
Distribution: Solaris 11.2/Slackware/RHEL/
Posts: 1,491
Blog Entries: 2

Rep: Reputation: Disabled
Quote:
that's what I meant when I wrote 'hijack'
Sorry for any confusion, unauthorized zone transfer requests are often part of DNS spoofing exploits, you are correct.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NameSurfer Zone Transfer to Bind taga_ipil Linux - Server 0 03-10-2013 04:44 PM
DNS zone Transfer ... Mak007 Linux - Newbie 1 08-24-2011 05:18 PM
how to PowerDNS transfer zone ? phulerock Linux - Server 1 05-22-2009 02:01 PM
Bind Zone Transfer dafunk Linux - Networking 7 03-22-2006 08:21 PM
DNS - Manual zone transfer roboli Linux - Networking 0 02-27-2002 09:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration