Mates,
I am experiencing an excessive load from the internet that looks like
some kind of attack. The log entries that repeat over and over are:
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session opened.
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - no such user 'alexander'
Apr 22 11:14:55 bonza last message repeated 2 times
Apr 22 11:14:55 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session closed.
Apr 22 11:14:55 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 66.76.2.130#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.30#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.25#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 63.192.50.218#53
Apr 22 11:14:57 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 198.69.181.18#53
Apr 22 11:14:57 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.29.11#53
Apr 22 11:14:57 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.28.11#53
Apr 22 11:14:57 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.25#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.30#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 66.76.2.130#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 63.192.50.218#53
Apr 22 11:14:59 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 198.69.181.18#53
Apr 22 11:14:59 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.29.11#53
Apr 22 11:14:59 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.28.11#53
The biggest question is what can I do to stop this?? Is there an effective
firewall rule or IP table recipe that will help?? The load caused the server
to lock up last night causing a great deal of havoc. Any wise advice would
be welcomed.
--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
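
One way to measure which clients produce the failed FTP logins in a log like the one above, as an added example that is not part of the original post. It assumes the wrapped syslog lines have been joined; the function names, the threshold and the 192.0.2.7 line are constructed for illustration, and the resulting address list is meant as input to whatever block list or rate limit the server uses.

```python
import re
from collections import Counter

# Constructed sample in the format of the syslog excerpt (wrapped lines joined).
SAMPLE = """\
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session opened.
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - no such user 'alexander'
Apr 22 11:14:55 bonza last message repeated 2 times
Apr 22 11:14:55 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session closed.
Apr 22 11:14:55 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.29.11#53
Apr 22 11:15:02 bonza proftpd[10490]: bonza.rbpllc.com (192.0.2.7[192.0.2.7]) - no such user 'test'
"""

# proftpd logs the client as (name[ip]); the bracketed part is always the address.
NO_USER = re.compile(r"proftpd\[\d+\]: \S+ \(\S*\[([0-9.]+)\]\) - no such user '([^']*)'")
# syslog collapses identical consecutive messages into this line.
REPEAT = re.compile(r"last message repeated (\d+) times?$")


def failed_logins(lines):
    """Count 'no such user' events per client IP, expanding syslog repeat lines."""
    counts = Counter()
    last_ip = None  # client IP if the previous message was a failed login
    for line in lines:
        line = line.rstrip()
        m = NO_USER.search(line)
        if m:
            last_ip = m.group(1)
            counts[last_ip] += 1
            continue
        r = REPEAT.search(line)
        if r and last_ip:
            # The repeat line stands for N more copies of the previous message.
            counts[last_ip] += int(r.group(1))
            continue
        last_ip = None  # any other message breaks the repeat association
    return counts


def offenders(lines, threshold=3):
    """Return the sorted client IPs whose failure count reaches the threshold."""
    return sorted(ip for ip, n in failed_logins(lines).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_logins(SAMPLE.splitlines()).most_common():
        print(ip, n)
```

Counting the "last message repeated" lines matters here: without them the single visible 'no such user' entry understates the three attempts made in that session.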