david rankin wrote:
Mates,
I am experiencing an excessive load from the internet that looks
like some kind of attack. The log entries that repeat over and over are:
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session opened.
Apr 22 11:14:54 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - no such user 'alexander'
Apr 22 11:14:55 bonza last message repeated 2 times
Apr 22 11:14:55 bonza proftpd[10488]: bonza.rbpllc.com (216.101.241.110[216.101.241.110]) - FTP session closed.
Apr 22 11:14:55 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 66.76.2.130#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.30#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.25#53
Apr 22 11:14:56 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 63.192.50.218#53
Apr 22 11:14:57 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 198.69.181.18#53
Apr 22 11:14:57 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.29.11#53
Apr 22 11:14:57 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.28.11#53
Apr 22 11:14:57 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.25#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 68.1.208.30#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (SERVFAIL) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 66.76.2.130#53
Apr 22 11:14:58 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 63.192.50.218#53
Apr 22 11:14:59 bonza named[5250]: unexpected RCODE (REFUSED) resolving '110.241.101.216.in-addr.arpa/PTR/IN': 198.69.181.18#53
Apr 22 11:14:59 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.29.11#53
Apr 22 11:14:59 bonza named[5250]: lame server resolving '110.241.101.216.in-addr.arpa' (in '241.101.216.in-addr.arpa'?): 206.13.28.11#53
The biggest question is what can I do to stop this?? Is there an
effective firewall rule or IP table recipe that will help?? The load
caused the server to lock up last night causing a great deal of havoc.
Any wise advice would be welcomed.

Do you actually have an FTP server available? If so, you may want to
consider a more secure method such as sftp or scp. If not, your
firewall should be configured to block all such attempts. If you need
to have the server available, you can configure the firewall to restrict
the acceptable addresses or block known hostile sites. Without knowing
more about your situation, I can't be more specific.
--
Use OpenOffice.org <http://www.openoffice.org>
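
An added example, not part of either message in this thread: one way to turn the proftpd "no such user" entries into a per-address count and a candidate firewall block list. It also counts syslog's "last message repeated N times" lines, which otherwise hide most of the attempts. The sample log is constructed, and the function names, the threshold and the port-21 rule are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the syslog format shown in the post; the host name and
# the documentation-range addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
Apr 22 11:14:54 host proftpd[10488]: host.example.com (192.0.2.10[192.0.2.10]) - no such user 'alexander'
Apr 22 11:14:55 host last message repeated 2 times
Apr 22 11:14:55 host proftpd[10488]: host.example.com (192.0.2.10[192.0.2.10]) - FTP session closed.
Apr 22 11:14:55 host named[5250]: unexpected RCODE (SERVFAIL) resolving '10.2.0.192.in-addr.arpa/PTR/IN': 203.0.113.5#53
Apr 22 11:15:02 host proftpd[10490]: host.example.com (192.0.2.10[192.0.2.10]) - no such user 'alice'
Apr 22 11:15:03 host last message repeated 4 times
Apr 22 11:16:40 host proftpd[10501]: host.example.com (198.51.100.7[198.51.100.7]) - no such user 'bob'
"""

# proftpd logs the client as (name[ip]); capture the bracketed address.
FAILED = re.compile(r"proftpd\[\d+\]: \S+ \(\S*?\[(?P<ip>[0-9A-Fa-f.:]+)\]\) - no such user '")
# syslog collapses identical consecutive lines into this summary line.
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times?$")

def failed_logins_by_ip(log_text):
    """Count 'no such user' attempts per source address, including repeats."""
    counts = Counter()
    last_ip = None  # set only while the previous line was a failed login
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            last_ip = failed.group("ip")
            counts[last_ip] += 1
            continue
        repeat = REPEAT.search(line)
        if repeat and last_ip:
            counts[last_ip] += int(repeat.group("n"))
        last_ip = None  # any other line ends the repeat chain
    return counts

def offenders(counts, threshold):
    """Addresses with at least `threshold` failures (the threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def drop_rules(addresses, port=21):
    """Render IPv4 DROP rules; anything that is not a valid address is skipped."""
    rules = []
    for addr in addresses:
        try:
            ip = ipaddress.IPv4Address(addr)
        except ValueError:
            continue  # log content is attacker-influenced, never paste it raw
        rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP")
    return rules
```

The rules are returned as strings for review rather than executed, so an address can be checked against known legitimate clients before it is blocked.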