What does this mean in the logfile

#1 Tue, 12/16/2014 - 20:55
allardsmol


Hello,

I have a problem, and that is that my logfile is getting full of the following log lines.

My question is: Is this an attack, and how can I block it? I hope someone can help! Thanks very much in advance!

Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#39947: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#38550: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#54350: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#42080: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#55315: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#54263: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#42850: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#45854: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#47156: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#36132: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#52749: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#54969: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#45461: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#35925: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#59344: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#59560: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#50973: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#48800: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:05 host1 named[1252]: client 127.0.0.1#39378: query (cache) './A/IN' denied
Dec 17 02:54:05 host1 named[1252]: client 127.0.0.1#47307: query (cache) './A/IN' denied
Dec 17 02:54:14 host1 named[1252]: client 127.0.0.1#44055: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:14 host1 named[1252]: client 127.0.0.1#35270: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:14 host1 named[1252]: client 127.0.0.1#46971: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:27 host1 named[1252]: client 127.0.0.1#56440: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:27 host1 named[1252]: client 127.0.0.1#40213: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:27 host1 named[1252]: client 127.0.0.1#58945: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:28 host1 named[1252]: client 127.0.0.1#60201: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:28 host1 named[1252]: client 127.0.0.1#51452: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Dec 17 02:54:28 host1 named[1252]: client 127.0.0.1#48233: query (cache) '96.221.226.88.access.telenet.be/A/IN' denied
Dec 17 02:54:28 host1 named[1252]: client 127.0.0.1#50750: query (cache) '94.233.276.14.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:28 host1 named[1252]: client 127.0.0.1#41909: query (cache) '96.221.226.88.access.telenet.be/AAAA/IN' denied
Thu, 01/08/2015 - 00:04
tpnsolutions

Hi,

You should look into implementing an Intrusion Detection System like "fail2ban" or my favorite "ossec".

Fail2Ban http://www.fail2ban.org/

OSSEC http://www.ossec.net/

If you require assistance in installing one of these, or anything else, drop me a line on Skype.

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
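
A triage sketch for the log lines in the first post, added here as an example and not part of either post: it parses BIND `query (cache) ... denied` lines, counts them per client and per question, and separates loopback clients (processes on the host itself, as with 127.0.0.1 in the thread) from remote ones. The sample log, the function names and the addresses in it are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same format as the lines in the first post
# (documentation-range addresses and example.* names, not values from the thread).
SAMPLE_LOG = """\
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#39947: query (cache) '10.2.0.192.in-addr.arpa/PTR/IN' denied
Dec 17 02:54:03 host1 named[1252]: client 127.0.0.1#38550: query (cache) 'host.example.net/AAAA/IN' denied
Dec 17 02:54:04 host1 named[1252]: client 127.0.0.1#54350: query (cache) 'host.example.net/A/IN' denied
Dec 17 02:54:05 host1 named[1252]: client 127.0.0.1#39378: query (cache) './A/IN' denied
Dec 17 02:54:06 host1 named[1252]: client 198.51.100.7#5353: query (cache) 'example.org/ANY/IN' denied
Dec 17 02:54:07 host1 sshd[900]: unrelated line that must be skipped
"""

# Matches only the log format shown in the thread: client ip#port, then 'name/type/class'.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query \(cache\) "
    r"'(?P<qname>.*)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z0-9]+)' denied"
)

def parse_denied(text):
    """Yield (client_ip, qname, qtype) for each denied recursive query line."""
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if not m:
            continue  # not a 'query (cache) ... denied' line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed client address, skip rather than crash
        yield ip, m["qname"], m["qtype"]

def summarize(text):
    """Count denials per client and per question; split loopback from remote clients."""
    clients, questions = Counter(), Counter()
    for ip, qname, qtype in parse_denied(text):
        clients[ip] += 1
        questions[(qname, qtype)] += 1
    local = {str(ip): n for ip, n in clients.items() if ip.is_loopback}
    remote = {str(ip): n for ip, n in clients.items() if not ip.is_loopback}
    return {"local": local, "remote": remote, "questions": questions}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("local clients :", result["local"])
    print("remote clients:", result["remote"])
    for (qname, qtype), n in result["questions"].most_common():
        print(f"{n:4d}  {qtype:5s} {qname}")
```

Entries in the local bucket come from software on the server itself, so a source-address ban of the kind fail2ban applies only makes sense for the remote bucket.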