Re: Bogus DNS traffic
From: Brian Collins (listbc_at_newnanutilities.org)
Date: 10/22/03
- Previous message: David Gillett: "RE: Bogus DNS traffic"
- In reply to: David Gillett: "Bogus DNS traffic"
- Next in thread: Robert Lowe: "Re: Bogus DNS traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Oct 2003 16:50:00 -0400 To: incidents@securityfocus.com
> I'm seeing random UDP packets to port 53 of random
>internal IP addresses. The source IP addresses are
>external, all over the map, although the one example
>I've gotten a good capture of bore the source MAC
>address of an internal server. (Whatever is spoofing
>the IP address *could* be spoofing the MAC address, but
>that would still indicate an origin inside our network....)
>
> Does anyone recognize this?
Check here...
http://isc.sans.org/diary.html
What you're seeing might be the same.
--Brian Collins
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------
- Previous message: David Gillett: "RE: Bogus DNS traffic"
- In reply to: David Gillett: "Bogus DNS traffic"
- Next in thread: Robert Lowe: "Re: Bogus DNS traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
