[Dshield] FW: Stupid DNS Tricks

Michael Johnson mike at holmesandturner.com
Wed Jul 24 22:46:38 GMT 2002


> All,
>
> I'm wondering whether there is a new tool or attack I don't know about...
>
> Here's an extract from my Black Ice Log:
>
> Time                      Event             Intruder  Count
> 07/19/2002 03:20:00 PM, DNS UDP port probe, MYSYSTEM, 1
> 07/22/2002 12:10:47 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/22/2002 03:28:49 PM, DNS UDP port probe, MYSYSTEM, 3
> 07/23/2002 04:51:42 PM, DNS UDP port probe, MYSYSTEM, 8
> 07/24/2002 10:04:34 AM, DNS UDP port probe, MYSYSTEM, 4
> 07/24/2002 11:08:02 AM, DNS UDP port probe, MYSYSTEM, 1
>
> Note that the DNS requests show my system (real netbios name changed to
> protect the innocent)as the intruder...  Sort of a combo LAND/DNS attack.
> If it were a misconfigured machine, I'd be surprised, as the activity is
> somewhat random and usually occurs after I establish a VPN into
> my corporate
> network.
>
> Any thoughts/suggestions?
>
> Joe Faraone, CISSP
>

Ignore it.  Its just tring to add/resolve your system,  thats what it does...
We get hundereds of hits a day,  almost a soon as the users show up and start surfing.

Mike Johnson
Systems Administrator
Hi-Tech Solutions LLC
  Formerly Holmes and Turner PLLP





More information about the list mailing list