Hi, everybody In a log going back to 10 feb that i had downloaded to my pc, i found that it was full of records loke this: Feb 10 06:56:53 www named[9240]: Cleaned cache of 196 RRsets Feb 10 06:56:53 www named[9240]: USAGE 981784613 981587182 CPU=51.1u/37.41s CHILDCPU=43.88u/67.6s Feb 10 06:56:53 www named[9240]: NSTATS 981784613 981587182 A=13986 NS=4 CNAME=64 SOA=12947 PTR=33510 MX=2950 TXT=88 AAAA=50 SRV=125 38=1 AXFR=60 ANY=8364 Feb 10 06:56:53 www named[9240]: XSTATS 981784613 981587182 RR=33964 RNXD=2314 RFwdR=20690 RDupR=9 RFail=146 RFErr=0 RErr=9 RAXFR=60 RLame=459 ROpts=0 SSysQ=15561 SAns=70110 SFwdQ=18534 SDupQ=15653 SErr=0 RQ=74759 RIQ=94 RFwdQ=18534 RDupQ=145 RTCP=4787 SFwdR=20690 SFail=1 SFErr=0 SNaAns=34946 SNXD=7552 RUQ=0 RURQ=0 RUXFR=0 RUUpd=879 Feb 10 06:57:06 www named[9240]: Err/TO getting serial# for "webavec.com" Feb 10 06:57:18 www named[9240]: Err/TO getting serial# for "wayout.org" Feb 10 06:58:19 www named[9240]: Err/TO getting serial# for "dirtypositions.com" Feb 10 06:58:48 www named[9240]: Err/TO getting serial# for "mortenbrandt.com" Feb 10 06:59:20 www named[9240]: Err/TO getting serial# for "mortenbrandt.no" Feb 10 06:59:37 www named[9240]: Err/TO getting serial# for "millanium.org" Feb 10 06:59:57 www named[9240]: Err/TO getting serial# for "effektivbedrift.no" Feb 10 07:00:05 www modprobe: can't locate module net-pf-10 Feb 10 07:00:05 www kernel: family 10 not registered Feb 10 07:00:18 www named[9240]: Err/TO getting serial# for "namdal.net" Feb 10 07:00:21 www proftpd[1308]: www.euroweb.no (localhost[127.0.0.1]) - FTP session closed. Feb 10 07:00:31 www telnetd[1312]: ttloop: read: Broken pipe Feb 10 07:00:40 www named[9240]: Err/TO getting serial# for "mrpositions.com" Feb 10 07:01:15 www named[9240]: Err/TO getting serial# for "crpositions.com" Feb 10 07:01:32 www named[9240]: Err/TO getting serial# for "jimmytravel.net" Feb 10 07:01:40 www named[9240]: Err/TO getting serial# for "meditasjon.no" Feb 10 07:01:47 www named[9240]: Err/TO getting serial# for "vestvik.as" Could this have somthing to do with my raq3 beeing hacked? Maybe first hack was already back then. I also rember that around that time my network suplier had to disconect themy raq3 becuse it constantely had very large "bootp" traffic. that blocked the rest of the network. Does this log make sombody get a clue? (I am a newbi and my head is not doing so good, after going thru logs and looking for ghosts/hacks that I dont realy have the knowledge for doing) regards Vennlig hilsen Kai R Schantz Euroweb AS Verksgaten 42 N-4013 Stavanger Tlf:+47 51 89 64 64 fax:+47 51 89 56 41 www.euroweb.no _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
