Happy Holidays all :) I've been getting the below message for a couple of days now and just looking for a little insight. I do the DNS and, as you can see, the *denied update* shows it's the correct version of bind on my Raq3. I have added the offending IP to hosts.allow, did a */etc/rc.d/init.d/inet restart* then added the IP to the route table.
No, I'm not using IPChains yet but I am close to installing as I feel I understand the rules better now (collocated). So, short of not being able to IPChain him, are there any *other* options or things I can do? Is this harmless so I can add to logcheck.ignore? Security Violations =-=-=-=-=-=-=-=-=-= Dec 19 20:34:01 ns named[352]: denied update from [61.175.130.201].7332 for "siteonmyraq.com" Dec 19 20:34:05 ns named[352]: denied update from [61.175.130.201].7335 for "siteonmyraq.com" Dec 19 20:34:08 ns named[352]: denied update from [61.175.130.201].7338 for "siteonmyraq.com" and goes on and on...... Thanks for everyone's help, Dave~ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
