FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 07-01-2012, 03:52 PM
Camaleón
 
Default port 53

On Sun, 01 Jul 2012 23:26:58 +0800, lina wrote:

> (1) What shall I do if lots of foreign address connected to my port 53
> (details see the bottom),

If you are serving DNS requests, that's normal...

> (2) ssh: Could not resolve hostname at the same time.

What?!

> (3) Seems it's initiated by iceweasle.
>
> I am not experienced, thanks ahead for any suggestions.
>
> 128.8.10.90#53

sm01@stt008:~$ host 128.63.2.53
53.2.63.128.in-addr.arpa domain name pointer h.root-servers.net.

> 208.93.136.12#53

sm01@stt008:~$ host 208.93.136.12
12.136.93.208.in-addr.arpa domain name pointer DNS12.CTNDO.NET.

> 2001:dc3::35#53
> 192.58.128.30#53

sm01@stt008:~$ host 192.58.128.30
30.128.58.192.in-addr.arpa domain name pointer j.root-servers.net.

(...)

Now you know how it works :-)

> 216.239.32.10#53

sm01@stt008:~$ host 216.239.38.10
10.38.239.216.in-addr.arpa domain name pointer ns4.google.com.

Re-think a bit what's your system configuration. You should be running a
DNS server by some reason and it should have been setup for someone... if
you are completely unaware of this situation, ask to your network/system
administrator about this.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jsprn9$69j$27@dough.gmane.org
 
Old 07-01-2012, 04:14 PM
lina
 
Default port 53

On Sun, Jul 1, 2012 at 11:52 PM, Camaleón <noelamac@gmail.com> wrote:
> On Sun, 01 Jul 2012 23:26:58 +0800, lina wrote:
>
>> (1) What shall I do if lots of foreign address connected to my port 53
>> (details see the bottom),
>
> If you are serving DNS requests, that's normal...
>
>> (2) ssh: Could not resolve hostname at the same time.
>
> What?!

It's very nice of you "being around".
My knowledge about those things is very vulnerable, so there is no
surprise many times I did some illiterate guessing.

Thanks, still can't resolve the hostname. Perhaps will wait for Monday
and contact someone.
I did configure the exim4 and hours ago was a bit happy about that.
Now it still does not work after purging the exim4.

BTW, any suggestions about how to examine are sincerely welcome.

Best regards,
>
>> (3) Seems it's initiated by iceweasle.
>>
>> I am not experienced, thanks ahead for any suggestions.
>>
>> 128.8.10.90#53
>
> sm01@stt008:~$ host 128.63.2.53
> 53.2.63.128.in-addr.arpa domain name pointer h.root-servers.net.
>
>> 208.93.136.12#53
>
> sm01@stt008:~$ host 208.93.136.12
> 12.136.93.208.in-addr.arpa domain name pointer DNS12.CTNDO.NET.
>
>> 2001:dc3::35#53
>> 192.58.128.30#53
>
> sm01@stt008:~$ host 192.58.128.30
> 30.128.58.192.in-addr.arpa domain name pointer j.root-servers.net.
>
> (...)
>
> Now you know how it works :-)
>
>> 216.239.32.10#53
>
> sm01@stt008:~$ host 216.239.38.10
> 10.38.239.216.in-addr.arpa domain name pointer ns4.google.com.
>
> Re-think a bit what's your system configuration. You should be running a
> DNS server by some reason and it should have been setup for someone... if
> you are completely unaware of this situation, ask to your network/system
> administrator about this.
>
> Greetings,
>
> --
> Camaleón
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/jsprn9$69j$27@dough.gmane.org
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAG9cJmmm+eTy940rYKPjvrvdNro0Z7dG9VnczdPh+AAFT31eA g@mail.gmail.com">http://lists.debian.org/CAG9cJmmm+eTy940rYKPjvrvdNro0Z7dG9VnczdPh+AAFT31eA g@mail.gmail.com
 
Old 07-01-2012, 04:45 PM
Camaleón
 
Default port 53

On Mon, 02 Jul 2012 00:14:52 +0800, lina wrote:

> On Sun, Jul 1, 2012 at 11:52 PM, Camaleón <noelamac@gmail.com> wrote:

>>> (2) ssh: Could not resolve hostname at the same time.
>>
>> What?!
>
> It's very nice of you "being around". My knowledge about those things is
> very vulnerable, so there is no surprise many times I did some
> illiterate guessing.

The problem, Lina, is that when reporting a problem you have to provide
any data so the rest of us who are reading your posts can imagine what
you are doing, and better than guessing would be that you say "when
running command A I get B and here is the output".

I can't imagine where that "ssh could not resolve hostname" is coming
from. Is it related to the connections on port 53, is it appearing in
your logs, is it... what is it? :-)

> Thanks, still can't resolve the hostname.

?

> Perhaps will wait for Monday and contact someone.

And kindly explain in detail what's going on or your admin will go nuts.

> I did configure the exim4 and hours ago was a bit happy about that.

I don't see any relation between Exim4, connections to port 53 and ssh...

> Now it still does not work after purging the exim4.

What is what does not work... now? (stumped).

> BTW, any suggestions about how to examine are sincerely welcome.

You're welcome.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/jspuqd$69j$30@dough.gmane.org
 
Old 07-01-2012, 08:52 PM
Pascal Hambourg
 
Default port 53

Hello,

lina a écrit :
>
> (1) What shall I do if lots of foreign address connected to my port 53
> (details see the bottom),

How do you see that list ?
These addresses do not connect to your port 53. You (try to) send
requests to their port 53 and/or they (try to) reply to you. They are
all DNS servers.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4FF0B880.1070106@plouf.fr.eu.org">http://lists.debian.org/4FF0B880.1070106@plouf.fr.eu.org
 
Old 07-01-2012, 09:04 PM
Joe
 
Default port 53

On Sun, 1 Jul 2012 23:26:58 +0800
lina <lina.lastname@gmail.com> wrote:

> Hi,
>
> (1) What shall I do if lots of foreign address connected to my port 53
> (details see the bottom),
>

Not worry about it. I get a lot of attempted connections to 53, which
are all completely bogus as no public DNS server has run on this IP
address for at least thirteen years that I know of, and my IP address is
certainly not listed anywhere as a nameserver for any of my domains.
Many connections come from China...

There have been a number of BIND vulnerabilities over the years, and
I'm sure MS has had a similar number, and there are a few weaknesses
involved theoretically with DNS. Control of a DNS server, even a
private one, is a rich prize for a cracker, so it's a heavily-attacked
service.

> (2) ssh: Could not resolve hostname at the same time.

I wouldn't see much connection there. It sounds as if something is
amiss with your DNS setup, as others have said. Your local DNS server,
whatever it is, should not be open to the Internet, and there really
should be no link with these external connection attempts.

>
> (3) Seems it's initiated by iceweasle.
>

Mine mostly are random, but some of them have some connection with
whatever my son does by way of Internet gaming. His computer is in my
DMZ.

If you're browsing commercial sites, you're probably accessing many
other sites without your knowledge. Just about every commercial webpage
now seems to include JavaScript to connect to all the social networks
known to Man, as well as various Google functions and ad trackers. I
run No-Script in FF/IW (there are many other script-control add-ins)
to try to minimise this rubbish, but most web designers today seem
incapable of displaying anything without using JavaScript.

--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120701220423.2872913c@jretrading.com">http://lists.debian.org/20120701220423.2872913c@jretrading.com
 
Old 07-01-2012, 11:52 PM
Celejar
 
Default port 53

On Sun, 1 Jul 2012 22:04:23 +0100
Joe <joe@jretrading.com> wrote:

...

> If you're browsing commercial sites, you're probably accessing many
> other sites without your knowledge. Just about every commercial webpage
> now seems to include JavaScript to connect to all the social networks
> known to Man, as well as various Google functions and ad trackers. I
> run No-Script in FF/IW (there are many other script-control add-ins)
> to try to minimise this rubbish, but most web designers today seem
> incapable of displaying anything without using JavaScript.

Ghostery is good for blocking the sort of connections you're describing.

> Joe

Celejar


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120701195245.7866ad6d.celejar@gmail.com">http://lists.debian.org/20120701195245.7866ad6d.celejar@gmail.com
 
Old 07-02-2012, 02:37 AM
lina
 
Default port 53

On Mon, Jul 2, 2012 at 5:04 AM, Joe <joe@jretrading.com> wrote:
> On Sun, 1 Jul 2012 23:26:58 +0800
> lina <lina.lastname@gmail.com> wrote:
>
>> Hi,
>>
>> (1) What shall I do if lots of foreign address connected to my port 53
>> (details see the bottom),
>>
>
> Not worry about it. I get a lot of attempted connections to 53, which
> are all completely bogus as no public DNS server has run on this IP
> address for at least thirteen years that I know of, and my IP address is
> certainly not listed anywhere as a nameserver for any of my domains.
> Many connections come from China...

It's the first time I notice this phenomenon. :-) indeed worry lots at
that time. Thanks.
A quite interesting piece of news is that many Chinese domestic
computers are controlled by oversea IP address. (See the link
http://english.cntv.cn/20120320/107134.shtml)
>
> There have been a number of BIND vulnerabilities over the years, and
> I'm sure MS has had a similar number, and there are a few weaknesses
> involved theoretically with DNS. Control of a DNS server, even a
> private one, is a rich prize for a cracker, so it's a heavily-attacked
> service.
>
>> (2) ssh: Could not resolve hostname at the same time.
>
> I wouldn't see much connection there. It sounds as if something is
> amiss with your DNS setup, as others have said. Your local DNS server,
> whatever it is, should not be open to the Internet, and there really
> should be no link with these external connection attempts.

I don't know how to check the "amiss" you mentioned above.

>
>>
>> (3) Seems it's initiated by iceweasle.
>>
>
> Mine mostly are random, but some of them have some connection with
> whatever my son does by way of Internet gaming. His computer is in my
> DMZ.
>
> If you're browsing commercial sites, you're probably accessing many
> other sites without your knowledge. Just about every commercial webpage
> now seems to include JavaScript to connect to all the social networks
> known to Man, as well as various Google functions and ad trackers. I
> run No-Script in FF/IW (there are many other script-control add-ins)
> to try to minimise this rubbish, but most web designers today seem
> incapable of displaying anything without using JavaScript.

Best regards,
>
> --
> Joe
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20120701220423.2872913c@jretrading.com
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAG9cJm=F8PLbBi=hTVppyeAJwThYCckRrqw3Byq-kx1AcmXn-A@mail.gmail.com
 
Old 07-02-2012, 02:40 AM
lina
 
Default port 53

On Mon, Jul 2, 2012 at 4:52 AM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> Hello,
>
> lina a écrit :
>>
>> (1) What shall I do if lots of foreign address connected to my port 53
>> (details see the bottom),
>
> How do you see that list ?

>From syslog,
# grep '#53$' /var/log/syslog | awk '{print $NF}'
2a01:111:2006:6::1:1#53

> These addresses do not connect to your port 53. You (try to) send
> requests to their port 53 and/or they (try to) reply to you. They are
> all DNS servers.

Thanks for explaination. I really know so little.

Best regards,

>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/4FF0B880.1070106@plouf.fr.eu.org
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAG9cJmndJ6Tfj6C9Oxorad90s9xhi+b5a-Gevqd1_to8J-o4tQ@mail.gmail.com">http://lists.debian.org/CAG9cJmndJ6Tfj6C9Oxorad90s9xhi+b5a-Gevqd1_to8J-o4tQ@mail.gmail.com
 
Old 07-02-2012, 03:09 AM
lina
 
Default port 53

I start to realize that the "Can't resolve the hostname" was caused by
the installation of the resolvconf yesterday.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAG9cJmmDCE7W7jy0bzKMp8X+qXoEAoJbsi9=f1c5YPddD27sm g@mail.gmail.com
 

Thread Tools




All times are GMT. The time now is 12:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org