[Dshield] prisoner.iana.org & thanks for the tcpdump info!
mike at holmesandturner.com
Thu May 30 20:49:40 GMT 2002
Hi I'm new to the list but have seen this for the past several weeks on only
1 of 30 machines. I'm glad you asked because it has prompted me to take a
look into it.
The machine which this happens on is 1 of 2 machines that are statically
IP'd. This machine also has a modem for PCAnywhere use, therefore has 3
DNS servers listed ( 2 for our Broadband and 1 for the dialup).
After I had the user remove the dialup DNS server it hasn't happened for
almost an hour now (where I did have prisoner.iana.org traffic about 20-30
Also I don't think "they" IANA is trying to hack in see: www.iana.org this
is kinda up there alley.
sql> select * from USERS where clue > 0
sql> 0 found
Has anyone seen this hostname in any hacks in the past -
Bsafe Online, Inc
850-362-4300 ext. 7101
[[ Attachement of type text/html deleted]]
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list