Date: Sun, 18 Feb 2001 22:26:11 -0800 From: Doug Barton <DougB@dougbarton.net> To: GB Clark II <gclarkii@geektech.com> Cc: freebsd-questions@freebsd.org Subject: Re: BIND 8.2.3-R crashing Message-ID: <3A90BC83.E5EB3018@dougbarton.net> References: <01021410563903.18874@prime.vsservices.com>
next in thread | previous in thread | raw e-mail | index | archive | help
GB Clark II wrote: > > Hello, > > I've got a primary name server running BIND 8.2.3-Release. > BIND will crash every so often and need restarted. As a stop-gap I've > got a crontab to ndc restart it every hour. > I suspect a memory problem (we are upgrading to 512MB) but named is a memory pig... it's vital that it has a solid system to run on, and deadly for it to swap. > I do see the following from BIND every so often: > > Feb 14 04:26:23 a2 named[125]: dropping source port zero packet from [63.229.217 > .207].0 > Feb 14 04:26:35 a2 last message repeated 8 times > > It looks like an attack but I'm not real sure. Anyone have an idea on this? That does look suspicious, yes. There's no good reason to allow traffic from source port zero, and IIRC there are some system exploits that have that source port, so I'd block it at your border. Good luck, Doug To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A90BC83.E5EB3018>