[Dshield] prisoner.iana.org & thanks for the tcpdump info!

Michael Johnson mike at holmesandturner.com
Thu May 30 20:49:40 GMT 2002


Howdy y'all,

Hi, I'm new to the list but have seen this for the past several weeks on only
1 of 30 machines. I'm glad you asked because it has prompted me to take a
look into it.

The machine on which this happens is 1 of 2 machines that are statically
IP'd. This machine also has a modem for PCAnywhere use, and therefore has 3
DNS servers listed (2 for our broadband and 1 for the dialup).

After I had the user remove the dialup DNS server, it hasn't happened for
almost an hour now (where I did have prisoner.iana.org traffic about 20-30
min).

Also, I don't think "they" (IANA) are trying to hack in; see www.iana.org.
This is kinda up their alley.


Mike Johnson
Network Administrator
Bozeman, Montana

sql> select * from USERS where clue > 0
sql> 0 found


Has anyone seen this hostname in any hacks in the past -
"prisoner.iana.org?"
Tim Lamberth
System Administrator
Bsafe Online, Inc
http://www.bsafeonline.com
850-362-4300 ext. 7101