Re: Bogus DNS traffic

From: Robert Lowe (rlowe_at_auscert.org.au)
Date: 10/23/03

    To: gillettdavid@fhda.edu
    Date: Thu, 23 Oct 2003 14:21:23 +1000
    
    

    Hi David,

    Yes, we've had reports of similar activity. The best explanation I've found so
    far is:

    http://people.ists.dartmouth.edu/~gbakos/bindsweep/

    But perhaps someone else knows of a better explanation...

    Seeing the MAC addresses set to your upstream router is expected:

    http://www.blacksheepnetworks.com/security/info/ids/IDFAQ/mac_address.htm

    Regards,
    Rob.

    -- 
    Robert Lowe, Computer Security Analyst   | Hotline: +61 7 3365 4417
    AusCERT                                  | Fax:     +61 7 3365 7031
    The University of Queensland             | WWW:     www.auscert.org.au
    QLD 4072 Australia                       | Email:   auscert@auscert.org.au
    >   I'm seeing random UDP packets to port 53 of random
    > internal IP addresses.  The source IP addresses are
    > external, all over the map, although the one example
    > I've gotten a good capture of bore the source MAC
    > address of an internal server.  (Whatever is spoofing
    > the IP address *could* be spoofing the MAC address, but
    > that would still indicate an origin inside our network....)
    > 
    >   Does anyone recognize this?
    > 
    > David Gillett