[Dshield] FW: Stupid DNS Tricks
Faraone, Joseph A.
joseph.faraone at unisys.com
Wed Jul 24 22:05:14 GMT 2002
> From: list-owner at dshield.org [mailto:list-owner at dshield.org]On Behalf Of
> Faraone, Joseph A.
> Sent: Wednesday, July 24, 2002 4:22 PM
> To: list-admin at dshield.org
> Subject: Stupid DNS Tricks
> I'm wondering whether there is a new tool or attack I don't know about...
> Here's an extract from my Black Ice Log:
> Time Event Intruder Count
> 07/19/2002 03:20:00 PM, DNS UDP port probe, MYSYSTEM, 1
> 07/22/2002 12:10:47 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/22/2002 03:28:49 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/23/2002 04:51:42 PM, DNS UDP port probe, MYSYSTEM, 8
> 07/24/2002 10:04:34 AM, DNS UDP port probe, MYSYSTEM, 4
> 07/24/2002 11:08:02 AM, DNS UDP port probe, MYSYSTEM, 1
> Note that the DNS requests show my system (real netbios name changed to
> protect the innocent) as the intruder... Sort of a combo LAND/DNS attack.
> If it were a misconfigured machine, I'd be surprised, as the activity is
> somewhat random and usually occurs after I establish a VPN into
> my corporate
> Any thoughts/suggestions?
> Joe Faraone, CISSP