OT: U-verse question / error
Duaine Hechler
2011-01-02 03:47:58 UTC
Does anyone else get these from the gateway system log:

INF 2011-01-01T09:47:58-06:00 named: dropped malicious resp from 68.94.156.1
INF 2011-01-01T19:32:39-06:00 named: Previous log entry repeated 1989 times


These are coming from their primary DNS server.

Know why?
--
Duaine Hechler
Piano, Player Piano, Pump Organ
Tuning, Servicing & Rebuilding
Reed Organ Society Member
Florissant, MO 63034
(314) 838-5587
***@att.net
www.hechlerpianoandorgan.com
--
Home & Business user of Linux - 10 years
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
For additional commands, e-mail: opensuse+***@opensuse.org
John Andersen
2011-01-02 04:28:05 UTC
Post by Duaine Hechler
> INF 2011-01-01T09:47:58-06:00 named: dropped malicious resp from 68.94.156.1
> INF 2011-01-01T19:32:39-06:00 named: Previous log entry repeated 1989 times
> These are coming from their primary DNS server.
> Know why?

Slow DNS maybe.

See this http://forums.att.com/t5/Equipment/quot-dropped-malicious-resp-quot-msg-in-2Wire-GWY-system-log/td-p/2154677
Others claim it is a cache poisoning attack (which I seriously doubt).

Try substituting 8.8.8.8 (google free fast dns) for the ATT/SWbell servers used by your machine.
--
_____________________________________
---This space for rent---
Carl Hartung
2011-01-02 04:34:48 UTC
> named: dropped malicious resp from

Not sure if the situation you're describing matches these circumstances but a
quick Google pulled up several similar 'explanations' to the following:

"Basically it indicates that the initial DNS response (from .156.1) timed out,
the RG (acting as the DNS proxy) re-sent the request to the other DNS cluster
(.157.1) and in the meantime, the original response showed up ... but because
the second request is now the active request .... it gets tagged and dropped
as malicious inbound traffic. ... The programmer used a poor choice of
words ..."

hth & regards,

Carl
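
An added example, not part of any post in this thread: a small Python triage script for the gateway log format quoted above. It rejoins wrapped entries, expands the "Previous log entry repeated N times" lines, and separates drops attributed to configured resolvers from drops attributed to any other source. It assumes a repeat line refers to the entry immediately before it; the third log entry and the address 203.0.113.9 are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample: the first two entries are the lines quoted in the thread
# (still wrapped); the third entry and 203.0.113.9 are constructed.
SAMPLE_LOG = """\
INF 2011-01-01T09:47:58-06:00 named: dropped malicious resp from
68.94.156.1
INF 2011-01-01T19:32:39-06:00 named: Previous log entry repeated 1989
times
INF 2011-01-01T20:01:12-06:00 named: dropped malicious resp from 203.0.113.9
"""

ENTRY_START = re.compile(r"^[A-Z]{3} \d{4}-\d{2}-\d{2}T\S+ ")
DROPPED = re.compile(r"named: dropped malicious resp from (\d{1,3}(?:\.\d{1,3}){3})")
REPEATED = re.compile(r"named: Previous log entry repeated (\d+) times")

def unwrap(text):
    """Rejoin entries that mail or display wrapping split across lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def count_drops(text):
    """Count dropped responses per source, expanding 'repeated N times'."""
    counts, last_source = Counter(), None
    for entry in unwrap(text):
        drop, rep = DROPPED.search(entry), REPEATED.search(entry)
        if drop:
            last_source = drop.group(1)
            counts[last_source] += 1
        elif rep and last_source:
            # Assumption: the repeat count applies to the preceding entry.
            counts[last_source] += int(rep.group(1))
        else:
            last_source = None  # unrelated entry: later repeats are not drops
    return counts

def triage(text, configured_resolvers):
    """Split drop counts into configured resolvers and unexpected sources."""
    counts = count_drops(text)
    expected = {ip: n for ip, n in counts.items() if ip in configured_resolvers}
    unexpected = {ip: n for ip, n in counts.items() if ip not in configured_resolvers}
    return expected, unexpected
```

Drops that all come from the resolvers the gateway is configured to use fit the late-response explanation quoted above; drops from any other address are the entries to look at first.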