[mdlug] Strange Log Entry

Mat Enders mat.enders at gmail.com
Fri Apr 12 10:53:37 EDT 2013


Why are you using a service to do this? You can set whatever you want to use
as your DNS in /etc/resolv.conf.  But then you cannot use DHCP, as it will
overwrite your resolv.conf file, so just set a static address on your Linux
machine.  If your DHCP server is not sophisticated enough to do that, just
set the highest address your DHCP server gives out, and it is most likely
that nothing else will ever be assigned this address.


On Fri, Apr 12, 2013 at 10:37 AM, A. Zimmer <andrew.zimmer at comcast.net> wrote:

> On Fri, 12 Apr 2013 06:57:50 -0400
> Adam Behnke <abehnke at gmail.com> wrote:
>
> > I'm thinking the Windows machine has been compromised and South Africa is
> > poking around your internal network. The easiest fix/test is to
> > reformat/reinstall the Windows box and see what happens.
> >
>
> That may seem a reasonable suspicion, but I don't think my Windows machine
> is compromised.
>
> I suspect the cause is the pdnsd utility on my Linux machine.
>
> Now that I remember correctly, I only set up Windows on that machine
> recently and it has never connected to the network with an address
> of 192.168.0.4.  In fact the address 192.168.0.4 does not exist anywhere
> on my local network.
>
> When these log messages occur, my Linux machine is the only machine
> on the network and its address is 192.168.0.2.  The question is: Why
> is it accepting packets for 192.168.0.4?  Since the log message is
> from the Linux kernel, the packet has been
>
> I suspect that it may be the pdnsd utility, which I use to bypass
> the DNS server of my ISP (Comcast).  Pdnsd allows my Linux machine
> to act as a DNS server for itself and also provides DNS caching.
>
> The only place where 192.168.0.4 can be found is within certain config
> files on my Linux machine that were set up a long time ago and
> that no longer reflect the state of the network.  Since these messages
> involve port 53, I suspect, although I can't see how, that pdnsd
> is the ultimate cause.
>
> For now, I will remove the reference to 192.168.0.4 from my config
> files and delete the local pdnsd cache.  Hopefully, this will solve
> the issue.



-- 
Mathew E. Enders

"Where once Samba and Apache sold Linux to the world they are now just part
of the plumbing.  But that's OK, plumbers make good money."
--Jeremy Allison

