<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/1.0.1">
</HEAD>
<BODY>
Jim and all:
<BR>
<BR>
I'll look into this today and find out why. Can you tell me (private mail is fine) the address of your DNS servers? We've had to step up how aggressive PortSentry is due to some odd traffic lately. If, for some reason, the DNS servers you are using got into our list, we may be ignoring traffic from them.
<BR>
<BR>
Lately, I feel like our PortSentries are a public service. I've found Nimda running around on quite a few NT/2000 boxes as well as a few Linux, *BSD, and Solaris boxes that had been rooted and were being used for probing and attacks. I'd say somewhere in the range of 60 or so just in December alone.
<BR>
<BR>
Remember, PortSentry and TripWire are your friends. Your very *good* friends. They're like the big guys on the playground keeping the mean kids away from the monkey bars.
<BR>
<BR>
Dave Hahn
<BR>
<A HREF="mailto:dhahn@techangle.com">dhahn@techangle.com</A>
<BR>
<BR>
<BR>
On Fri, 2002-01-11 at 07:49, Jim Ockers wrote:
<BLOCKQUOTE>
<PRE><FONT COLOR="#737373"><FONT SIZE="3"><I>Sorry all for the broad post regarding a relatively narrow</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>network issue. The clue.denver.co.us DNS servers are listed</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>in the zonefile as "ta5.techangle.com" and "dns0.techangle.com" .</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>There is a problem with dns0.techangle.com, as it is a CNAME</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>to 199.239.19.9.techangle.com. which is a nonexistent host.</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>(At least I can't get an A record in the DNS for it.)</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>What does this have to do with the CLUE list? Well I sent an</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>e-mail to the list but my DNS server is refusing to resolve</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>the MX for @clue.denver.co.us because it thinks it wants to</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>query dns0.techangle.com for the DNS information but that</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>host doesn't exist.</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>I'm sure Dave Hahn or one of the tech wizards at Techangle will</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>fix this ASAP. I just wanted to let you know.</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>Regards,</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>JimO</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>_______________________________________________</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>CLUE-Tech mailing list</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>CLUE-Tech@clue.denver.co.us</FONT></FONT></I></PRE>
</BLOCKQUOTE>
<A HREF="http://clue.denver.co.us/mailman/listinfo/clue-tech"><FONT SIZE="3"><I>http://clue.denver.co.us/mailman/listinfo/clue-tech</FONT></I></A>
<BLOCKQUOTE>
<PRE></PRE>
</BLOCKQUOTE>
</BODY>
</HTML>