RE: DNS Server dies after port 1434 attack

  • From: "Robert Zeff" <rzeff@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 10 Dec 2003 12:25:21 -0800


> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
> Sent: Wednesday, December 10, 2003 11:31 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS Server dies after port 1434 attack
> 
> IIS and DNS are 2 different services. Please specify which 
> one you are talking about.

Oops, sorry.  DNS running on a Windows 2003 server.

> 
> Why do you have 1 server answering to 2 IPs?

Because I needed ns1.<mydomain> & ns1.<mydomain>.
I didn't need the redundancy of two servers, but domain registration
requires two.  (Maybe not).

-
Robert

> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> > -----Original Message-----
> > From: Robert Zeff [mailto:rzeff@xxxxxxxxxx]
> > Sent: Wednesday, December 10, 2003 6:22 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] DNS Server dies after port 1434 attack
> > 
> > I have another odd problem with ISA.  I have a name server (IIS) on an
> > internal box that answers to 192.168.254.30 & 31
> > 
> > I am publishing this server on ISA for external ip addresses 
> > xx.xx.xx.226 & .227.
> > 
> > Every day or two, sometimes two weeks, one of the publishing rules fails.
> > There are no errors, it just quits forwarding the request.  It seems
> > like it always happens after an attack on port 1434.  From our logs:
> > 
> > 12/10/2003, 1:28:59, 66.77.132.210, xx.xx.xx.253, Udp, 1034, 1434, -, BLOCKED, xx.xx.xx.xx, -, -
> > 12/10/2003, 1:30:30, 211.154.52.146, xx.xx.xx.228, Udp, 4529, 53, -, BLOCKED, xx.xx.xx.xx, -, -
> > 
> > Any ideas?
> > 
> > Thanks,
> > -
> > Robert