[Dshield] FW: Stupid DNS Tricks
mike at holmesandturner.com
Wed Jul 24 22:46:38 GMT 2002
> I'm wondering whether there is a new tool or attack I don't know about...
> Here's an extract from my Black Ice Log:
> Time Event Intruder Count
> 07/19/2002 03:20:00 PM, DNS UDP port probe, MYSYSTEM, 1
> 07/22/2002 12:10:47 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/22/2002 03:28:49 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/23/2002 04:51:42 PM, DNS UDP port probe, MYSYSTEM, 8
> 07/24/2002 10:04:34 AM, DNS UDP port probe, MYSYSTEM, 4
> 07/24/2002 11:08:02 AM, DNS UDP port probe, MYSYSTEM, 1
> Note that the DNS requests show my system (real netbios name changed to
> protect the innocent)as the intruder... Sort of a combo LAND/DNS attack.
> If it were a misconfigured machine, I'd be surprised, as the activity is
> somewhat random and usually occurs after I establish a VPN into
> my corporate
> Any thoughts/suggestions?
> Joe Faraone, CISSP
Ignore it. Its just tring to add/resolve your system, thats what it does...
We get hundereds of hits a day, almost a soon as the users show up and start surfing.
Hi-Tech Solutions LLC
Formerly Holmes and Turner PLLP
More information about the list