The hacker wanted to exploit the bind security hole. See the CERT info
at:
http://www.cert.org/current/current_activity.html#bind
This exploit is being used to break into linux boxes. I had one cracked
last week. That taught me to keep the patches current. Make sure you
have the latest bind p
i downloaded ippl, basically logs all tcp, udp
connections. looking at the log today i see this
entry-
Jan 29 12:25:48 domain connection attempt from
[EMAIL PROTECTED] [216.0.222.7]
(216.0.222.7:4749->my-ip-address:53)
Jan 29 12:33:41 port 113 connection attempt from
ns.pfsfhq.com [216.0.222.7]
