Security Incidents mailing list archives
Re: unapproved update from [166.93.60.5].61946
From: tkbidwell () NEXTLINK COM (Teri Bidwell)
Date: Thu, 18 May 2000 16:33:56 -0500
I've correlated these to windows 2000 boxes at a previous employer. They appear to be trying to do DDNS with their DNS server whether it's a MS active-directory DNS server or not. Other than generating superfluous traffic I have not found them to actually do any harm.

teri

James Ankenbrandt <anken () IX NETCOM COM>@SECURITYFOCUS.COM> on 05/17/2000 01:50:19 PM

Please respond to James Ankenbrandt <anken () IX NETCOM COM>
Sent by: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM>
To: INCIDENTS () SECURITYFOCUS COM
cc:
Subject: unapproved update from [166.93.60.5].61946

I have been getting these for several days:

May 17 14:17:17 mail named[69]: unapproved update from [166.93.60.5].61946 for [mydomain deleted].com

What would anyone suggest? I *assume* they are hostile, but what to do? As a relative newbie I would be grateful for suggestions and/or pointers in the correct direction

Jim
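
Added example (not part of either poster's message): a Python script that tallies the named "unapproved update" log lines quoted above per source address and zone, and marks whether each source is inside your own address space. LOCAL_NETS, the sample log lines and the addresses in them are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the address ranges you consider your own; adjust for your site.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Matches the syslog message format quoted in the post above.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"unapproved update from \[(?P<ip>[0-9a-fA-F.:]+)\]\.(?P<port>\d+)"
    r" for (?P<zone>\S+)"
)

# Constructed sample input (documentation addresses, example zone).
SAMPLE = """\
May 17 14:17:17 mail named[69]: unapproved update from [198.51.100.7].61946 for example.com
May 17 14:17:19 mail named[69]: unapproved update from [198.51.100.7].61947 for example.com
May 17 14:20:02 mail named[69]: unapproved update from [192.0.2.44].1035 for example.com
May 17 14:21:40 mail sendmail[212]: some unrelated line
May 18 09:02:11 mail named[69]: unapproved update from [198.51.100.7].62010 for example.com
""".splitlines()


def summarise(lines):
    """Group rejected dynamic-update attempts by (source IP, zone)."""
    stats = defaultdict(
        lambda: {"count": 0, "ports": set(), "first": None, "last": None, "local": False}
    )
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # not an "unapproved update" message
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed value was not a valid address
        entry = stats[(str(ip), m["zone"].lower())]
        entry["count"] += 1
        entry["ports"].add(int(m["port"]))
        entry["first"] = entry["first"] or m["ts"]  # timestamps kept in file order
        entry["last"] = m["ts"]
        entry["local"] = any(ip in net for net in LOCAL_NETS)
    return dict(stats)


if __name__ == "__main__":
    for (ip, zone), e in sorted(summarise(SAMPLE).items()):
        where = "local" if e["local"] else "external"
        print(f"{ip:15} {zone:15} {e['count']:3} attempts, {where}, "
              f"{e['first']} .. {e['last']}")
```
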