Pages: [1] Go Down

What is this traffic?

Bill

What is this traffic?

« on: July 23, 2003, 06:07:01 PM »

I keep getting the following log entry:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jul 23 12:14:46 sme1 named[3495]: lame server resolving '154.101.115.68.relays.osirusoft.com' (in 'relays.osirusoft.com'?): 203.16.167.1#53

Any idea why these guys would be repeatedly scanning me? I know I am not an open relay so why 4-6 scans a day?

Logged

Mats Karlsson

Re: What is this traffic?

« Reply #1 on: July 23, 2003, 08:02:23 PM »

DNS server uses port 53.

A server is listed as being authoritative, but isn't. A lame server is one that returns cached replies when it should be returning authoritative answers.

Commonly caused by out-of-date secondary DNS. This happens when one does not properly update secondary, or when one provides secondary DNS for another company that doesn't keep the info up-to-date.

/Mats

Logged

Rich Lafferty

Re: What is this traffic?

« Reply #2 on: July 23, 2003, 09:14:22 PM »

There's no scanning there. Your machine did a DNS request for an address in osirusoft.com, their DNS is misconfigured, and your DNS server is telling you that. It's a record of traffic you generated -- you can ignore it.

As to why, I suspect perhaps you have some sort of antispam software installed that does DNS RBL checks?

Logged

Pages: [1] Go Up

« previous next »