On Thu, Jul 19, 2001 at 02:10:47PM -0500, Seth Bernsen wrote:
> With this message I'm sure to unleash a maelstrom of criticism, but here
> goes anyway. I have a RH6.2 machine hooked up on the internet. It's
> pretty much configured out of the box, no patches.

Ouch... How old is 6.2? (Aren't they on 7.1 now? Or was that just my
imagination?)

> >Please keep me apprised of any actions taken against this offender. I find
> >this matter to be serious and would appreciate something being done in an
> >expedient manner.

Based on the provided information, he's nuts. Unless he has logs showing
that a specific exploit was attempted, there's no evidence that it wasn't
just a legitimate, but misdirected, DNS request.

> My question is, what is a DNS PORT PROBE? Does that just mean that a
> program requested service of his computer on port number 53?

Probably.

> If so,
> what's so wrong with that?

Nothing.

> Also, does the fact that this request came
> from my computer mean someone has broken in and is attempting
> connections from my computer?

No. DNS uses UDP, which makes it very easy to forge a source address.
However, if I were you, I'd take a hard look at the system to see whether
there is any evidence of intrusion, then upgrade to the latest version of
$DISTRO and apply all available security patches. No sense in leaving the
door wide open.

-- 
It's as if we outlawed cars on the principle that they could be used to
help crooks escape from bank robberies.
        - Dan Gillmore on the DMCA