[Dshield] Any ideas?

Johannes B. Ullrich jullrich at euclidian.com
Sat Oct 13 15:49:39 GMT 2001


> 245503: Oct 11	09:38:51 (our firewall name here) kernel:	UDP refused
> 53 at 7f000001 -> 3534 at 7f000001 lo0
> Is this consistent with the signature of known BIND attacks?

There is not enough information here to decide. I am not familiar with
this particular log format. But it looks like DNS replies, not probes.

--
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
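
An added example, not part of the original message or of any DShield code: a small decoder for the quoted log entry that reports which side of the flow uses port 53. The field layout (port, then "at", then an IPv4 address written as eight hex digits, then the interface) is an assumption read off the single quoted line; the function names are hypothetical.

```python
import ipaddress
import re

# Assumed layout of the quoted firewall line (not documented on the page):
#   <proto> refused <sport> at <hex IPv4> -> <dport> at <hex IPv4> <iface>
LINE_RE = re.compile(
    r"(?P<proto>UDP|TCP)\s+refused\s+"
    r"(?P<sport>\d+)\s+at\s+(?P<src>[0-9a-fA-F]{8})\s*->\s*"
    r"(?P<dport>\d+)\s+at\s+(?P<dst>[0-9a-fA-F]{8})\s+(?P<iface>\S+)"
)

def parse_refused(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LINE_RE.search(" ".join(line.split()))  # collapse tabs and wrapped lines
    if m is None:
        return None
    return {
        "proto": m["proto"],
        "src": str(ipaddress.IPv4Address(int(m["src"], 16))),
        "sport": int(m["sport"]),
        "dst": str(ipaddress.IPv4Address(int(m["dst"], 16))),
        "dport": int(m["dport"]),
        "iface": m["iface"],
    }

def dns_direction(rec):
    """Classify a decoded record by which side of the flow uses port 53."""
    if rec["sport"] == 53 and rec["dport"] != 53:
        return "reply"      # from a DNS server port back to a client port
    if rec["dport"] == 53 and rec["sport"] != 53:
        return "query"      # towards a DNS server port
    if rec["sport"] == 53 and rec["dport"] == 53:
        return "ambiguous"  # both ends on 53; ports alone cannot tell
    return "not-dns"

# The log entry quoted in the message (mail quote markers removed).
SAMPLE = ("245503: Oct 11\t09:38:51 (our firewall name here) kernel:\tUDP refused\n"
          "53 at 7f000001 -> 3534 at 7f000001 lo0")

if __name__ == "__main__":
    rec = parse_refused(SAMPLE)
    print(rec, dns_direction(rec))
```

Under that assumed layout, both addresses in the quoted entry decode to 127.0.0.1, and the packet was seen on lo0 with source port 53.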

