Security Incidents mailing list archives
Re: NT Compromise -- Update -- SRC PORT: 53 traffic
From: "Joep Gommers" <joepgommers () hetnet nl>
Date: Tue, 25 Dec 2001 17:22:39 +0100
http://www.securiteam.com/exploits/5YP0E1F0KU.html Joep Gommers ----- Original Message ----- From: "Loki" <loki () fatelabs com> To: <incidents () securityfocus com> Sent: Monday, December 24, 2001 8:31 PM Subject: NT Compromise -- Update -- SRC PORT: 53 traffic
I should mention that the packets were flooding our DNS server, enough traffic to saturate and bring down our T1. Please note that again, the port 53 was not the DST port, rather, the SRC port of each packet. -- ============================================================ Loki Founder, Chief Research Scientist Fate Research Labs United States VPN Division ------------------------------------------------------------ [w] http://www.fatelabs.com [e] loki () fatelabs com [p] +1 412 303 3115 ------------------------------------------------------------ "Ipsa Scientia Potestas Est" Knowledge itself is power. ============================================================ --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- NT Compromise -- Update -- SRC PORT: 53 traffic Loki (Dec 24)
- RE: NT Compromise -- Update -- SRC PORT: 53 traffic Bill Royds (Dec 25)
- RE: NT Compromise -- Update -- SRC PORT: 53 traffic Alvin Oga (Dec 26)
- Re: NT Compromise -- Update -- SRC PORT: 53 traffic Joep Gommers (Dec 25)
- RE: NT Compromise -- Update -- SRC PORT: 53 traffic Bill Royds (Dec 25)