RE: Bogus DNS traffic

From: Mike Anderson (secure_at_spoofedpackets.net)
Date: 10/22/03

    To: <gillettdavid@fhda.edu>, <incidents@securityfocus.com>
    Date: Wed, 22 Oct 2003 16:34:24 -0400
    
    

    Dave,

    You might be seeing an increase in DNS traffic as a result of
    this trojan.

    QHosts Trojan Horse
    added October 2
    The CERT/CC has received reports of a new Trojan Horse program affecting
    Microsoft Windows systems. The QHosts or Qhosts-1 Trojan Horse has been
    reported to alter domain name service (DNS) settings on Windows systems
    and redirect users from legitimate web sites to those specified by the
    Trojan Horse program. The CERT/CC is tracking this activity as
    CERT#27882 and is interested in receiving reports thereof. Relevant
    artifacts or activity can be sent to cert@cert.org with "CERT#27882" in
    the subject line.

    The CERT/CC strongly encourages users to install anti-virus software,
    and keep its virus signature files up-to-date.

    I got this from CERT's website. You might want to check that out.

    Mike Anderson
    Systems Engineer

    -----Original Message-----
    From: David Gillett [mailto:gillettdavid@fhda.edu]
    Sent: Wednesday, October 22, 2003 3:39 PM
    To: incidents@securityfocus.com
    Subject: Bogus DNS traffic

      I'm seeing random UDP packets to port 53 of random
    internal IP addresses. The source IP addresses are
    external, all over the map, although the one example
    I've gotten a good capture of bore the source MAC
    address of an internal server. (Whatever is spoofing
    the IP address *could* be spoofing the MAC address, but
    that would still indicate an origin inside our network....)

      Does anyone recognize this?

    David Gillett
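
The mismatch described in the original message (external source IP, source MAC of an internal server, UDP to port 53 of internal addresses) can be checked mechanically over capture records. This is an added example, not part of the original thread; the internal prefixes, MAC inventory, host names and sample records are all constructed assumptions.

```python
import ipaddress

# Assumed internal address space and MAC inventory (constructed for illustration).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
INTERNAL_MACS = {"00:11:22:33:44:55": "fileserver-1", "00:11:22:33:44:66": "core-router"}
# Routers legitimately forward frames with off-net source IPs, so exclude their MACs.
ROUTER_MACS = {"00:11:22:33:44:66"}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_spoofed_dns(records):
    """Return records where a non-router internal MAC emits UDP/53 traffic
    to an internal address while carrying an off-net source IP."""
    hits = []
    for r in records:
        mac = r["src_mac"].lower()
        if r["proto"] != "udp" or r["dst_port"] != 53:
            continue
        if mac not in INTERNAL_MACS or mac in ROUTER_MACS:
            continue
        if not is_internal(r["src_ip"]) and is_internal(r["dst_ip"]):
            hits.append({**r, "host": INTERNAL_MACS[mac]})
    return hits

# Constructed sample records, as might be exported from a capture on the server's segment.
SAMPLE = [
    {"src_mac": "00:11:22:33:44:55", "src_ip": "203.0.113.77", "dst_ip": "10.1.2.3",
     "proto": "udp", "dst_port": 53},   # internal server MAC, external source IP
    {"src_mac": "00:11:22:33:44:55", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.53",
     "proto": "udp", "dst_port": 53},   # same host, ordinary DNS query
    {"src_mac": "00:11:22:33:44:66", "src_ip": "198.51.100.9", "dst_ip": "10.0.0.53",
     "proto": "udp", "dst_port": 53},   # routed traffic, router MAC is expected
    {"src_mac": "00:11:22:33:44:55", "src_ip": "203.0.113.80", "dst_ip": "10.4.4.4",
     "proto": "tcp", "dst_port": 80},   # not UDP/53, out of scope for this check
]

if __name__ == "__main__":
    for hit in find_spoofed_dns(SAMPLE):
        print(f"{hit['host']} ({hit['src_mac']}) sent UDP/53 to {hit['dst_ip']} "
              f"with off-net source {hit['src_ip']}")
```

The capture has to be taken on the same layer-2 segment as the suspect host, because the source MAC is rewritten at every routed hop.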
