FC4, named & system hang
Mike McMullen
mlm at loanprocessing.net
Fri Jul 14 15:17:59 UTC 2006
----- Original Message -----
From: "Mike McMullen" <mlm at loanprocessing.net>
>
> Hi All,
>
> I am experiencing occasional hangs on an FC4 web server that is
> also a name server. After rebooting the only thing I see in the logs
> are about a zillion messages from named stating "RCODE (SERVFAIL)".
>
> Here is an example:
>
> Jul 14 02:03:37 www named[1652]: unexpected RCODE (SERVFAIL) resolving
> '52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
>
> These messages go on for about 15-18 minutes and then the system hangs.
>
> I'm assuming it's some type of hacking attempt.
>
> Can anyone give me some insight on what might be happening here and better
> yet how to prevent it?
>
> Thanks,
>
> Mike
Reviewing the logs more closely I also see brute force attempts on sshd. I have a rule
set up in iptables to disable login attempts for 1 minute if there are 3 attempts a minute.
The logs show the same site being blocked and then trying again about 5 minutes later.
However, the system hang occurs about 7-8 minutes after the last ssh attempt and about
a 100-200 RCODE errors later.
Any help appreciated!
Mike
More information about the fedora-list
mailing list