suspect syslog entries

permalink · #1 (**permalink**) 07-07-2003

I wonder if anyone could help me with the following:
This morning I found 2,000 + syslog entires of the type
"stream_getlen([159.194.67.202].1428): Connection refused" all within 6
seconds.
These notes were followed by a "few recv(len=3D2): Connection timed =
out" and
"accept: No buffer space available" notes
These logs are from an internal dns server running bind 8.4.0 on a =
HP-UX
11.i system=20
Would appropriate to think that my dns server had been the victim of a =
DOS
attack?

OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1428): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1430): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1432): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1434): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1436): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1438): Connection refusedI =BD
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1440): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1442): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1444): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1446): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1448): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1450): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1452): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1454): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1456): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]:
stream_getlen([159.194.67.202].1458): Connection refused
OLDsyslog.W27: Jul 4 11:17:09 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:21:05 osldns02 named-xfer[4641]: =
recv(len=3D2):
Connection timed out
OLDsyslog.W27: Jul 4 11:27:30 osldns02 named-xfer[4671]: =
recv(len=3D2):
Connection timed out
OLDsyslog.W27: Jul 4 11:29:34 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:29:34 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:31:34 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:31:34 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:33:35 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:33:35 osldns02 named[14837]: accept: No buffer
space available
OLDsyslog.W27: Jul 4 11:41:48 osldns02 named[14837]: accept: No buffer
space available

Peter Davies
Dns Administrator
Enterprise Systems & Network Management
CPHXN-M

ScandinavianIT
Phone: +45 32 32 53 70
Fax: +54 32 32 67 31
www.scandinavianIT.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode