[unisog] [REN-ISAC] Alert: DNS Smurfing

Mike.Radomski at itec.suny.edu
Tue Dec 14 19:22:06 GMT 2004


Hello,
I have seen many postings in the past about "seeing" traffic and intrusions 
on networks.  I am wondering what tools everyone is using to analyze 
traffic and detect intrusions, and more importantly anomalies?

Thanks!

-- 
Mike Radomski 

SUNY - ITEC 
Information Technology Exchange Center 
Systems Programmer/Analyst 
E-mail: Mike.Radomski at itec.suny.edu 
Systems E-Mail: scsys at itec.suny.edu 
Phone: (716)878-4832 
Cellular: (716)807-4040 
Fax: (716)878-3485 

There are only 10 types of people... 
Those who understand binary and those who don't. 



Ryan Dorman <Ryan.Dorman at millersville.edu>
Sent by: unisog-bounces at lists.sans.org
12/13/04 09:48 AM
Please respond to: UNIversity Security Operations Group <unisog at lists.sans.org>
To: UNIversity Security Operations Group <unisog at lists.sans.org>
cc:
Subject: Re: [unisog] [REN-ISAC] Alert: DNS Smurfing

I have recently seen an increase in data on syn packets heading towards
DNS server.  Is this related to this smurf attack?

Ryan Dorman, CCNA
Network Communications Specialist
Millersville University
717.871.5883
Ryan.Dorman at millersville.edu

PGP Public Key: http://cns.millersville.edu/rdorman_key.txt



  _____ 

From: Florian Weimer <fw at deneb.enyo.de>
Reply-To: UNIversity Security Operations Group <unisog at lists.sans.org>
Date: Sat, 11 Dec 2004 13:59:01 -0500
To: <unisog at lists.sans.org>
Subject: Re: [unisog] [REN-ISAC] Alert: DNS Smurfing

* Doug Pearson: 

> Over the past couple of days several DNS Smurf attacks have been 
> underway affecting research and education (R&E) and commercial 
> networks. A typical DNS Smurf attack[1] works as follows: Many DNS 
> queries of type = "any" are sent to multiple DNS servers. The 
> queries contain the source-spoofed address of the target. 

Do these attacks already exploit the superior amplification facilities 
EDNS0 provides? 
_______________________________________________ 
unisog mailing list 
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog


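The pattern described in the quoted alert (type "any" queries arriving at several DNS servers under one spoofed source address) can be looked for in aggregated query logs. The following is an added example, not part of the original thread: the log layout, server names, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

# Constructed sample, one query per line:
#   <epoch seconds> <server> <client ip> <qname> <qtype>
# This layout is an assumption for the example, not a real server's log format.
SAMPLE_LOG = """\
1102770000 ns1 192.0.2.10 www.example.edu A
1102770001 ns1 198.51.100.7 example.edu ANY
1102770001 ns2 198.51.100.7 example.edu ANY
1102770002 ns3 198.51.100.7 example.edu ANY
1102770002 ns1 192.0.2.10 example.edu ANY
1102770003 ns1 198.51.100.7 example.edu ANY
1102770003 ns2 198.51.100.7 example.edu ANY
1102770004 ns3 198.51.100.7 example.edu ANY
1102770004 ns2 192.0.2.10 mail.example.edu MX
1102770020 ns2 203.0.113.5 example.edu ANY
1102770050 ns1 203.0.113.5 example.edu ANY
"""

def parse(line):
    ts, server, client, qname, qtype = line.split()
    return int(ts), server, client, qname.lower(), qtype.upper()

def flag_any_bursts(log_text, window=10, min_queries=5, min_servers=2):
    """Return {client: (peak ANY count in one window, servers involved)}.

    A client is flagged when it appears as the source of at least
    min_queries ANY queries within `window` seconds, spread over at
    least min_servers servers. With spoofed sources, that "client" is
    the likely target of the reflected answers, not the real sender.
    """
    recent = defaultdict(deque)  # client -> (ts, server) of recent ANY queries
    flagged = {}
    rows = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, server, client, _qname, qtype in rows:
        if qtype != "ANY":
            continue
        q = recent[client]
        q.append((ts, server))
        while q[0][0] <= ts - window:  # drop entries older than the window
            q.popleft()
        servers = {s for _, s in q}
        if len(q) >= min_queries and len(servers) >= min_servers:
            peak, seen = flagged.get(client, (0, set()))
            flagged[client] = (max(peak, len(q)), seen | servers)
    return flagged
```

Thresholds need tuning against a site's normal ANY-query volume; a single resolver behind NAT can legitimately produce bursts.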