Jim Perrin wrote: >On 12/6/05, Sam Drinkard <sam@xxxxxxxxxx> wrote: > > >>Found this entry in the log this morning. Never have seen such >>before....... >> >> --------------------- Named Begin ------------------------ >> >> >>**Unmatched Entries** >> dispatch 0x8ea6e48: shutting down due to TCP receive error: connection reset: 1 Time(s) >> >> ---------------------- Named End ------------------------- >> >>-- >>Snowman >> >> >> > >As I understand it, this is caused by named being fed bad packets, >either by some form of automated attack, or crappy dns server that >named queried on its way to find out what you asked it for. Depending >on the verbosity of the named logs you keep, you could grep this out, >and look at the queries near it to see if there's a particular cause. >Or it may not be worth it to you. > >-- >Jim Perrin >System Architect - UIT >Ft Gordon & US Army Signal Center >_______________________________________________ > > > Thanks Jim. I'd never ever seen anything happen to named, on BSD or Linux before. As for logs, what level of logging is "stock" is what I would expect doing a dump. May give that a shot and see what, if anything is in there. Not really been plagued by hackers too much, but I notice I've been probed several days in a row now from something/body in the same /16 ip block. Don't think it's local to the colocation site tho. -- Snowman