[Dshield] FW: Stupid DNS Tricks

Faraone, Joseph A. joseph.faraone at unisys.com
Wed Jul 24 22:05:14 GMT 2002


> From: list-owner at dshield.org [mailto:list-owner at dshield.org]On Behalf Of
> Faraone, Joseph A.
> Sent: Wednesday, July 24, 2002 4:22 PM
> To: list-admin at dshield.org
> Subject: Stupid DNS Tricks
>
>
> All,
>
> I'm wondering whether there is a new tool or attack I don't know about...
>
> Here's an extract from my Black Ice Log:
>
> Time                      Event             Intruder  Count
> 07/19/2002 03:20:00 PM, DNS UDP port probe, MYSYSTEM, 1
> 07/22/2002 12:10:47 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/22/2002 03:28:49 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/23/2002 04:51:42 PM, DNS UDP port probe, MYSYSTEM, 8
> 07/24/2002 10:04:34 AM, DNS UDP port probe, MYSYSTEM, 4
> 07/24/2002 11:08:02 AM, DNS UDP port probe, MYSYSTEM, 1
>
> Note that the DNS requests show my system (real NetBIOS name changed to
> protect the innocent) as the intruder... Sort of a combo LAND/DNS attack.
> If it were a misconfigured machine, I'd be surprised, as the activity is
> somewhat random and usually occurs after I establish a VPN into my
> corporate network.
>
> Any thoughts/suggestions?
>
> Joe Faraone, CISSP
>
>



