Full Disclosure mailing list archives
Re: Mystery DNS Changes
From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 01 Oct 2003 16:04:33 -0400
Hansen, Kevin wrote:
We have seen multiple instances where DHCP enabled workstations have had their DNS reconfigured to point to two of the three addresses listed below. Can anyone else confirm this? Incidents.org is reporting an increase in port 53 traffic over the last two days. Are we looking at the precursor to the next worm?
This is currently being discussed on NTBUGTRAQ too. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Mystery DNS Changes Hansen, Kevin (Oct 01)
- Re: Mystery DNS Changes Gary Flynn (Oct 01)
- Re: Mystery DNS Changes Brian Eckman (Oct 01)
- Re: Mystery DNS Changes Russell Fulton (Oct 01)
- Re: Mystery DNS Changes Mary Landesman (Oct 01)
- Message not available
- Re: Mystery DNS Changes Mike Tancsa (Oct 01)
- Re: Mystery DNS Changes Gary Flynn (Oct 01)
- Re: Mystery DNS Changes Danny Pansters (Oct 01)
- Re: Mystery DNS Changes Joe Stewart (Oct 02)
- <Possible follow-ups>
- RE: Mystery DNS Changes Brown, James (Jim) (Oct 01)
- RE: Mystery DNS Changes Schmehl, Paul L (Oct 01)
- RE: Mystery DNS Changes David Vincent (Oct 01)
- RE: Mystery DNS Changes tom_gordon (Oct 01)