RE: Source port 69

From: abuse (postmaster@getinfo.org)
Date: 09/27/01


From: "abuse" <postmaster@getinfo.org>
To: <shewitt@cdw.com>, <focus-ms@securityfocus.com>
Subject: RE: Source port 69
Date: Thu, 27 Sep 2001 13:39:07 -0400
Message-ID: <NABBJLKKPKIHDIMKFKGCCEBPPAAB.postmaster@getinfo.org>


> It looks like somebody may be scanning DNS servers to
> see if they
> allow TFTP and compiling a list of those that allow it.
>
> Has anybody seen this before?

Last night I saw a whole bunch of DNS scans coming from Unix boxes that were
running tons of services (probably compromised).

Geo.