RE: VPN connection attempts to resolvers?

From: Toni Heinonen (
Date: 04/04/02

Date: Thu, 4 Apr 2002 19:54:05 +0300
From: "Toni Heinonen" <>
To: "Mike Lewinski" <>, <>

> We've observed what appear to be attempts to establish a VPN
> connection to
> our caching-only resolvers. I have commented each of the
> packet dumps below.
> None of our nameservers provide any VPN services, and never have.
> Since I am not a VPN expert, I'm wondering if anyone else can
> shed some
> light on what might be going on here. Is this just a
> brain-dead VPN client
> that's making bad assumptions about it's resolvers? Or is
> there something
> more malicious going on? The traffic was picked up after a
> SYN flood to one
> of the DNS servers led to further investigation.


This matter has been previously discussed. Please see

   Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
   Wireless +358 40 836 1815
   Kauppakartanonkatu 7, 00930 Helsinki, Finland *

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: