Security Incidents mailing list archives

Re: DNS Messages


From: Andy Murren <andy () murren org>
Date: Wed, 29 Nov 2000 14:51:52 -0500

Steven,


: We started to get some DNS warning messages on our NT PDC from an IP address
: that we have no idea of who it is.


A quick look shows that 216.190.200.2 is ns2.eease.com, the secondary
DNS server for Employease Inc. of Atlanta, GA.


: I would like to know if I should be
: concerned with this type of traffic getting into my internal network and if
: so, should the firewall be picking this up and reporting this?  I am
: concerned that an IP address of 216.190.x.x got into my 172.16.x.x network.

I would be interested in why that was on your network.

: Should I also try to contact the source of where this is coming from?
: Unfortunately we have an ISP managing our firewall, so we do not have access
: to the reporting.

Ask what the rules are on the firewall.  An incorrectly configured
firewall can be worse than no firewall.  Also, is the firewall the only
protection you have?

Andy

--
Andy Murren
andy () murren org

