nanog mailing list archives
Re: huh
From: Sean Donelan <sean () donelan com>
Date: Tue, 15 Jan 2002 16:22:03 -0500 (EST)
On Tue, 15 Jan 2002, Tim Devries wrote:
Ok, well this is good to know. Although it still doesn't explain why my firewall is reporting DNS UDP/TCP probes from windowupdate.com on a regular basis.
A couple of possibilities - DNS cache poisoning sending spoofed answers to your DNS server (are you running a current version of BIND or an alternative?) - DDOS attack on windowsupdate.com using spoofed source packets (DNS and HTTP packets can tunnel through most firewall configurations)