Security Incidents mailing list archives
Bogus DNS traffic
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 22 Oct 2003 12:38:51 -0700
I'm seeing random UDP packets to port 53 of random internal IP addresses. The source IP addresses are external, all over the map, although the one example I've gotten a good capture of bore the source MAC address of an internal server. (Whatever is spoofing the IP address *could* be spoofing the MAC address, but that would still indicate an origin inside our network....) Does anyone recognize this? David Gillett --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_incidents_031015 ----------------------------------------------------------------------------
Current thread:
- Need help to find web server attacks signature Maxime Ducharme (Oct 22)
- Re: Need help to find web server attacks signature Muhammad Naseer (Oct 22)
- Re: Need help to find web server attacks signature Fatih Özavcı (Oct 23)
- Bogus DNS traffic David Gillett (Oct 22)
- RE: Bogus DNS traffic Mike Anderson (Oct 23)
- RE: Bogus DNS traffic David Gillett (Oct 23)
- Re: Bogus DNS traffic Brian Collins (Oct 23)
- Re: Bogus DNS traffic Robert Lowe (Oct 23)
- Re: [despammed] Bogus DNS traffic whiplash (Oct 24)
- RE: Bogus DNS traffic Mike Anderson (Oct 23)
- RE: Need help to find web server attacks signature Mike Brownbill (Oct 23)
- Re: Need help to find web server attacks signature Tri Huynh (Oct 24)
- Re: Need help to find web server attacks signature Muhammad Naseer (Oct 22)