Security Incidents mailing list archives

Re: DNS update queries: another sort of suspicious activity.

From: Gn0 () DATASURGE COM (Data_surge)
Date: Fri, 4 Feb 2000 16:20:09 +1100


On Sat, 29 Jan 2000, you wrote:


On Fri, Jan 28, 2000 at 11:20:08PM +0300, Fyodor wrote:

On Fri, 28 Jan 2000, Patrick Oonk wrote:

~ Fydor,
~
~ this seems to be a 'feature' of Windows 2000.
~ If you had portscanned the offending box you might
~ have seen it was a Win2k box.
~

Wow.. then it must be full of surprises. :) Notice that 192.168.0.4 is a
non-routable IP address, so it could be someone's sick firewall which
allowed the iternal network to send sick UDP datagrams out.


I assumed the ip number to be an example :)

Acually that ip is the one of the default netmaks for a win2k box "i think".
not a 100% shure can someone verify this .
Thanks..
yes i know 255.x.x..xxx.x. is the one we are accalimed to but i think micro$oft
is going for the security in mind look aparenty they are even including 128 bit
crypto. witch is ok ????

Current thread:

Re: DNS update queries: another sort of suspicious activity. Flynn, Harold M. III (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. H D Moore (Feb 10)
- <Possible follow-ups>
- Re: DNS update queries: another sort of suspicious activity. Rob Quinn (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Kevin (Sparty) Broderick (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Bill Royds (Feb 01)
- Re: DNS update queries: another sort of suspicious activity. Data_surge (Feb 03)