Friday 18 February 2011

DNS EventID 5502

Ever seen EventID 5502 in the Windows DNS event log? Here is some investigation into them:

The DNS server received a bad TCP-based DNS message from 78.251.84.232. The packet was rejected or ignored. The event data contains the DNS packet.

0000: 49 54 4f 4e 20 53 69 73 ITON Sis
0008: 3a 70 6d 6e 20 53 49 50 :pmn SIP
0010: 2f 32 2e 30 0d 0a 56 69 /2.0..Vi
0018: 61 3a 20 53 49 50 2f 32 a: SIP/2
0020: 2e 30 2f 54 43 50 20 6e .0/TCP n
0028: 6d 3b 62 72 61 6e 63 68 m;branch
0030: 3d 66 6f 6f 0d 0a 46 72 =foo..Fr
0038: 6f 6d 3a 20 3c 73 69 70 om: <sip
0048: 74 61 67 3d 72 6f 6f 74 tag=root
0050: 0d 0a 54 6f 3a 20 3c 73 ..To: <s
0068: 6c 2d 49 44 3a 20 35 30 l-ID: 50
0070: 30 30 30 0d 0a 43 53 65 000..CSe
0078: 71 3a 20 34 32 20 4f 50 q: 42 OP

Which, read as a block, is:
ITON Sis:pmn SIP/2.0..Via: SIP/2.0/TCP n m;branch=foo..From: ;tag=root..To: ..Call-ID: 50000..CSeq: 42 OP

As far as I can make out, SIP is a VOIP system (Voice over IP), where someone has attempted to connect via VOIP to the DNS port of the nameserver.

Another request was:

0000: 20 54 2f 6e 63 69 25 65 T/nci%e
0008: 30 32 6f 70 72 74 73 25 02oprts%
0010: 32 43 2f 54 72 69 25 36 2C/Tri%6
0018: 45 69 74 79 2e 74 78 74 Eity.txt
0020: 25 32 65 62 61 6b 20 48 %2ebak H
0028: 54 54 50 2f 31 2e 30 0d TTP/1.0.
0030: 0a 0d 0a 00 00 00 00 00 ........

Which reads as ...rts%2C/Tri%6Eity.txt%2ebak, i.e. ...rts,/Trinity.txt.bak

Quoting from "http://www.uusikaupunki.fi/~bgt/blog/bgt_mindscape_0805.php":

GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0

[...] Trinity.txt.bak, which is a file name chosen as one that the software developers are sure enough can't be found on the server and does provide a 404 error message. Apparently this string in the logs suggests a probe by a piece of software called Nmap ...

Ironically enough, the character "Trinity" from The Matrix uses Nmap to hack into a power station "http://www.youtube.com/watch?v=0TJuipCrjZQ", and possibly my DNS server also! :)
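Reading these dumps by hand is slow, so here is an added Python example (my own code, not from the post or from Microsoft) that rebuilds the packet bytes from the hex lines of a 5502 event, reports which offsets the event omitted, and does a first triage of what actually hit TCP port 53. It also encodes an interpretation that is mine, not the post's: in both dumps the first two bytes of the request are gone and the 16-bit words at offsets 0, 4, 6, 8 and 10 are reversed, which is exactly what you would get if the server consumed the two-byte TCP length prefix and byte-swapped the DNS header's ID and the four count fields in place, leaving the flags word alone. Undoing that swap turns "ITON Sis:pmn SIP/2.0" into "TIONS sip:nm SIP/2.0" (a SIP OPTIONS request with the leading "OP" lost to the length prefix) and " T/nci%e02oprts%..." into "T /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0", the same path the quoted blog attributes to Nmap. The sample dumps are the two from this post, embedded inline with the same missing offsets.

```python
"""Decode the packet that DNS EventID 5502 stores in its event data (added example)."""
import re
from urllib.parse import unquote

# First dump from the post; offsets 0x40, 0x58 and 0x60 are absent there too.
SIP_EVENT_DATA = """
0000: 49 54 4f 4e 20 53 69 73 ITON Sis
0008: 3a 70 6d 6e 20 53 49 50 :pmn SIP
0010: 2f 32 2e 30 0d 0a 56 69 /2.0..Vi
0018: 61 3a 20 53 49 50 2f 32 a: SIP/2
0020: 2e 30 2f 54 43 50 20 6e .0/TCP n
0028: 6d 3b 62 72 61 6e 63 68 m;branch
0030: 3d 66 6f 6f 0d 0a 46 72 =foo..Fr
0038: 6f 6d 3a 20 3c 73 69 70 om: <sip
0048: 74 61 67 3d 72 6f 6f 74 tag=root
0050: 0d 0a 54 6f 3a 20 3c 73 ..To: <s
0068: 6c 2d 49 44 3a 20 35 30 l-ID: 50
0070: 30 30 30 0d 0a 43 53 65 000..CSe
0078: 71 3a 20 34 32 20 4f 50 q: 42 OP
"""

# Second dump from the post (complete, 56 bytes).
HTTP_EVENT_DATA = """
0000: 20 54 2f 6e 63 69 25 65  T/nci%e
0008: 30 32 6f 70 72 74 73 25 02oprts%
0010: 32 43 2f 54 72 69 25 36 2C/Tri%6
0018: 45 69 74 79 2e 74 78 74 Eity.txt
0020: 25 32 65 62 61 6b 20 48 %2ebak H
0028: 54 54 50 2f 31 2e 30 0d TTP/1.0.
0030: 0a 0d 0a 00 00 00 00 00 ........
"""

# "OFFSET:" followed by up to eight hex byte pairs; the ASCII column is ignored.
HEX_LINE = re.compile(r"^\s*([0-9A-Fa-f]{4}):((?:\s+[0-9A-Fa-f]{2}){1,8})")


def parse_event_dump(text):
    """Return (payload, gaps): the bytes rebuilt by offset, and the (start, end)
    ranges no dump line covered. Gaps are NUL-filled so later offsets stay valid."""
    chunks = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            chunks[int(m.group(1), 16)] = bytes.fromhex(m.group(2))
    if not chunks:
        return b"", []
    end = max(off + len(b) for off, b in chunks.items())
    payload, covered = bytearray(end), bytearray(end)
    for off, b in chunks.items():
        payload[off:off + len(b)] = b
        covered[off:off + len(b)] = b"\x01" * len(b)
    gaps, start = [], None
    for i, seen in enumerate(covered):
        if not seen and start is None:
            start = i
        elif seen and start is not None:
            gaps.append((start, i))
            start = None
    return bytes(payload), gaps


# Assumption (my reading of the two dumps, not stated in the post): the server
# already consumed the 2-byte TCP length prefix and byte-swapped the DNS header
# words ID, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT; the flags word (bytes 2-3) is untouched.
SWAPPED_WORDS = (0, 2, 3, 4, 5)


def undo_header_byteswap(payload):
    """Restore the original byte order of the first 12 bytes under that assumption."""
    buf = bytearray(payload)
    for w in SWAPPED_WORDS:
        i = 2 * w
        if i + 1 < len(buf):
            buf[i], buf[i + 1] = buf[i + 1], buf[i]
    return bytes(buf)


def classify_payload(data):
    """Coarse triage: plaintext SIP, plaintext HTTP, or something else entirely."""
    text = data.decode("latin-1")
    if " SIP/2.0" in text:
        return "sip"
    if " HTTP/1." in text:
        return "http"
    return "unknown"


# The bogus path the quoted blog attributes to Nmap, after %-decoding.
NMAP_MARKER = "nice ports,/Trinity.txt.bak"


def nmap_probe_marker(data):
    """True if the URL-decoded payload carries the marker; %6E for 'n' and %2e
    for '.' are why a raw substring search for 'Trinity.txt.bak' can miss it."""
    return NMAP_MARKER in unquote(data.decode("latin-1"))


if __name__ == "__main__":
    for name, dump in (("SIP", SIP_EVENT_DATA), ("HTTP", HTTP_EVENT_DATA)):
        raw, gaps = parse_event_dump(dump)
        fixed = undo_header_byteswap(raw)
        print(name, classify_payload(raw), "gaps:", [(hex(a), hex(b)) for a, b in gaps])
        print("  ", fixed[:48], "nmap marker:", nmap_probe_marker(fixed))
```

The practical outcome for someone staring at these events is that neither packet is DNS at all: both are service-detection probes that a port scanner fires at every open TCP port, so a burst of 5502s from one source is a scan indicator rather than a DNS fault, and the source address in the event text is what to correlate with firewall and IDS logs.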
