Hello, first, to make sure the queries are being made by syslogd, kill the syslogd process. If they continue, look at which process is making them; if they do not continue, try running syslogd with the -n parameter. That way syslogd will not try to resolve incoming source addresses. Of course, this situation occurs if syslog is open to receiving logs remotely.

On 4/13/07, Fatih Ekrem Genc <[EMAIL PROTECTED]> wrote:
The system that serves as mail, FTP and www server (a single site is hosted) keeps sending DNS queries to the outside, even at very quiet hours when nobody should be on this server, when mail traffic is zero and nobody is online over FTP. The system sends DNS queries to the outside; what could be the reason for this? The really strange part is that this DNS query happens exactly once every 5 seconds. How can I find the program making this query?

Since the queries usually leave from a port starting with 54???, I gave netstat a parameter like this. Why would syslogd make DNS queries this often??

netstat -alnp | grep 54
udp 0 0 192.168.0.5:54504 145.253.2.11:53 VERBUNDEN 26132/syslogd

The router firewall's entries are as follows.

Server in question: 192.168.0.5
Router: 192.168.0.1
Router external IP: 213.XX.XX.XX

Apr 13 01:42:40 192.168.0.1 2007 Apr 12 15:19:20 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54114 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:45 192.168.0.1 2007 Apr 12 15:19:25 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54115 ,LAN - Destination:145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:50 192.168.0.1 2007 Apr 12 15:19:30 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source: 192.168.0.5,54116 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:55 192.168.0.1 2007 Apr 12 15:19:35 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54117 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:00 192.168.0.1 2007 Apr 12 15:19:40 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54118 ,LAN - Destination:145.253.2.11 ,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:05 192.168.0.1 2007 Apr 12 15:19:45 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source: 192.168.0.5,54119 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:10 192.168.0.1 2007 Apr 12 15:19:50 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54120 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:15 192.168.0.1 2007 Apr 12 15:19:55 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54121 ,LAN - Destination:145.253.2.11 ,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:20 192.168.0.1 2007 Apr 12 15:20:00 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source: 192.168.0.5,54122 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:25 192.168.0.1 2007 Apr 12 15:20:05 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54123 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:30 192.168.0.1 2007 Apr 12 15:20:10 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54124 ,LAN - Destination:145.253.2.11 ,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:35 192.168.0.1 2007 Apr 12 15:20:15 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source: 192.168.0.5,54125 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:41 192.168.0.1 2007 Apr 12 15:20:20 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54126 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M

Regards,
fatihgenc

--
My new mobile number: 0178 54 06 227
http://www.fatihgenc.com

--
Huzeyfe ONAL
[EMAIL PROTECTED]
http://www.huzeyfe.net
+90 555 255 4593

Have you subscribed to the network security list?
http://netsec.huzeyfe.net
---
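
One way to confirm the fixed query cadence from the router log itself, as an added example that is not part of the original thread: the script parses lines in the format quoted above, groups outbound DNS packets by source and destination, and reports flows whose spacing is near-constant. The function names, thresholds and the assumed year are illustrative; the sample lines are copied from the quoted log.

```python
import re
from datetime import datetime
from statistics import pstdev

# Sample input: five lines copied from the router log quoted in the thread.
SAMPLE = """\
Apr 13 01:42:40 192.168.0.1 2007 Apr 12 15:19:20 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54114 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:45 192.168.0.1 2007 Apr 12 15:19:25 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54115 ,LAN - Destination:145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:50 192.168.0.1 2007 Apr 12 15:19:30 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source: 192.168.0.5,54116 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:42:55 192.168.0.1 2007 Apr 12 15:19:35 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54117 ,LAN - Destination: 145.253.2.11,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
Apr 13 01:43:00 192.168.0.1 2007 Apr 12 15:19:40 (FWG114P-cc-d5-9c) 213.XX.XX.XXUDP Packet - Source:192.168.0.5,54118 ,LAN - Destination:145.253.2.11 ,53[DNS] ,WAN [Forward] - [Outbound Default rule match]^M
"""

# Tolerates the spacing variations around ':' and ',' seen in the quoted log.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?"
    r"Source:\s*(?P<src>[\d.]+)\s*,\s*(?P<sport>\d+).*?"
    r"Destination:\s*(?P<dst>[\d.]+)\s*,\s*(?P<dport>\d+)"
)

def parse(text, year=2007):
    """Yield (time, src, sport, dst) per outbound DNS line; year is assumed."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m and m["dport"] == "53":
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], int(m["sport"]), m["dst"]

def periodic_dns(text, min_events=4, max_jitter=1.0):
    """Map (src, dst) -> (mean gap in s, ports sequential?) for steady flows."""
    flows = {}
    for ts, src, sport, dst in parse(text):
        flows.setdefault((src, dst), []).append((ts, sport))
    steady = {}
    for key, events in flows.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if len(events) >= min_events and pstdev(gaps) <= max_jitter:
            seq = all(b[1] - a[1] == 1 for a, b in zip(events, events[1:]))
            steady[key] = (sum(gaps) / len(gaps), seq)
    return steady

if __name__ == "__main__":
    for (src, dst), (gap, seq) in periodic_dns(SAMPLE).items():
        print(f"{src} -> {dst}: every {gap:.1f}s, sequential ports: {seq}")
```

Comparing the reported interval with the rate at which remote log messages arrive at syslogd is a quick way to test the explanation given in the reply.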