On Thu, Jul 19, 2001 at 02:10:47PM -0500, Seth Bernsen wrote:
> With this message I'm sure to unleash a maelstrom of criticism, but here
> goes anyway.  I have a RH6.2 machine hooked up on the internet.  It's
> pretty much configured out of the box, no patches.

Ouch...  How old is 6.2?  (Aren't they on 7.1 now?  Or was that just my
imagination?)

> >Please keep me apprised of any actions taken against this offender. I find
> >this matter to be serious and would appreciate something being done in an
> >expedient manner.

Based on the provided information, he's nuts.  Unless he has logs showing
that a specific exploit was attempted, there's no evidence that it wasn't
just a legitimate, but misdirected, DNS request.

> My question is, what is a DNS PORT PROBE?  Does that just mean that a
> program requested service of his computer on port number 53?

Probably.

> If so,
> what's so wrong with that?

Nothing.

> Also, does the fact that this request came
> from my computer mean someone has broken in and is attempting
> connections from my computer?

No.  DNS uses UDP, which makes it very easy to forge a source address.
However, if I were you, I'd take a hard look at the system to see
whether there is any evidence of intrusion, then upgrade to the latest
version of $DISTRO and apply all available security patches.  No sense
in leaving the door wide open.

-- 
It's as if we outlawed cars on the principle that they could be used
to help crooks escape from bank robberies. - Dan Gillmor on the DMCA