----- Original Message -----
From: "Mike McMullen" <mlm@xxxxxxxxxxxxxxxxxx>
Hi All,
I am experiencing occasional hangs on an FC4 web server that is
also a name server. After rebooting, the only thing I see in the logs
is about a zillion messages from named stating "RCODE (SERVFAIL)".
Here is an example:
Jul 14 02:03:37 www named[1652]: unexpected RCODE (SERVFAIL) resolving
'52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
These messages go on for about 15-18 minutes and then the system hangs.
I'm assuming it's some type of hacking attempt.
Can anyone give me some insight on what might be happening here and better
yet how to prevent it?
Thanks,
Mike
Reviewing the logs more closely, I also see brute-force attempts on sshd. I have a rule
set up in iptables to disable login attempts for 1 minute if there are 3 attempts a minute.
The logs show the same site being blocked and then trying again about 5 minutes later.
However, the system hang occurs about 7-8 minutes after the last ssh attempt and about
100-200 RCODE errors later.
Any help appreciated!
Mike
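
To triage messages like the one quoted above, this added example (not part of the original post) counts named SERVFAIL records per minute, per upstream server and per address being reverse-resolved. The sample log is constructed around the single line quoted in the post, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: the first record is the line quoted in the post (wrapped as
# mailed); the other records use made-up times and documentation-range addresses.
SAMPLE_LOG = """\
Jul 14 02:03:37 www named[1652]: unexpected RCODE (SERVFAIL) resolving
'52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
Jul 14 02:03:52 www named[1652]: unexpected RCODE (SERVFAIL) resolving
'9.2.0.192.in-addr.arpa/PTR/IN': 198.51.100.53#53
Jul 14 02:04:05 www named[1652]: unexpected RCODE (SERVFAIL) resolving
'52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
Jul 14 02:04:09 www sshd[2210]: Failed password for root from 192.0.2.9 port 4242 ssh2
"""

TS_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\sunexpected RCODE \(SERVFAIL\) "
    r"resolving\s+'(?P<name>[^/']+)/\w+/\w+':\s+(?P<server>[\da-fA-F.:]+)#\d+$")

def unwrap(text):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if TS_RE.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def ptr_to_ip(name):
    """'d.c.b.a.in-addr.arpa' -> 'a.b.c.d'; None for anything else."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) == 6 and labels[4:] == ["in-addr", "arpa"]:
        try:
            return str(ip_address(".".join(reversed(labels[:4]))))
        except ValueError:
            pass
    return None

def summarise(text):
    """Count SERVFAIL records per minute, per upstream server, per looked-up address."""
    per_minute, per_server, per_target = Counter(), Counter(), Counter()
    for m in filter(None, map(LINE_RE.match, unwrap(text))):
        per_minute[m["ts"][:-3]] += 1                      # drop the seconds
        per_server[m["server"]] += 1                       # server that answered SERVFAIL
        per_target[ptr_to_ip(m["name"]) or m["name"]] += 1 # address being reverse-resolved
    return per_minute, per_server, per_target
```

Running `summarise()` over the real syslog file shows whether the failures cluster on a few looked-up addresses or upstream servers, and how the per-minute rate changes before a hang.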