Bogus DNS traffic

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 10/22/03

Next message: Mike Anderson: "RE: Bogus DNS traffic"

Previous message: Muhammad Naseer: "Re: Need help to find web server attacks signature"
In reply to: Maxime Ducharme: "Need help to find web server attacks signature"
Next in thread: Mike Anderson: "RE: Bogus DNS traffic"
Reply: Mike Anderson: "RE: Bogus DNS traffic"
Maybe reply: David Gillett: "RE: Bogus DNS traffic"
Reply: Brian Collins: "Re: Bogus DNS traffic"
Maybe reply: Robert Lowe: "Re: Bogus DNS traffic"
Reply: whiplash: "Re: [despammed] Bogus DNS traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <incidents@securityfocus.com>
Date: Wed, 22 Oct 2003 12:38:51 -0700

I'm seeing random UDP packets to port 53 of random
internal IP addresses. The source IP addresses are
external, all over the map, although the one example
I've gotten a good capture of bore the source MAC
address of an internal server. (Whatever is spoofing
the IP address *could* be spoofing the MAC address, but
that would still indicate an origin inside our network....)

Does anyone recognize this?

David Gillett

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------

Next message: Mike Anderson: "RE: Bogus DNS traffic"

Previous message: Muhammad Naseer: "Re: Need help to find web server attacks signature"
In reply to: Maxime Ducharme: "Need help to find web server attacks signature"
Next in thread: Mike Anderson: "RE: Bogus DNS traffic"
Reply: Mike Anderson: "RE: Bogus DNS traffic"
Maybe reply: David Gillett: "RE: Bogus DNS traffic"
Reply: Brian Collins: "Re: Bogus DNS traffic"
Maybe reply: Robert Lowe: "Re: Bogus DNS traffic"
Reply: whiplash: "Re: [despammed] Bogus DNS traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Can I update a new patch for the whole windows computers of m
... > FREE Whitepaper: Better Management for Network Security ... > - Ensure robust IP security through policy-based management ...
(Security-Basics)
RE: Can I update a new patch for the whole windows computers of m
... > FREE Whitepaper: Better Management for Network Security ... > - Ensure robust IP security through policy-based management ...
(Security-Basics)
RE: Desktop Support Access
... FREE Whitepaper: Better Management for Network Security ... Ensure robust IP security through policy-based management ...
(Security-Basics)
RE: Can I update a new patch for the whole windows computers of m y organization in my room?
... FREE Whitepaper: Better Management for Network Security ... Ensure robust IP security through policy-based management ...
(Security-Basics)
RE: Desktop Support Access
... To enable and disable ports would require access to the interface ... Better Management for Network Security ... Ensure robust IP security through policy-based management ...
(Security-Basics)