Full Disclosure mailing list archives
Re: Mystery DNS Changes
From: Danny Pansters <fulldiclosure () ricin com>
Date: Thu, 2 Oct 2003 01:05:39 +0200
On Wednesday 01 October 2003 21:19, Hansen, Kevin wrote:
We have seen multiple instances where DHCP enabled workstations have had their DNS reconfigured to point to two of the three addresses listed below. Can anyone else confirm this? Incidents.org is reporting an increase in port 53 traffic over the last two days. Are we looking at the precursor to the next worm? 216.127.92.38 69.57.146.14 69.57.147.175 -KJH
How bout asking admin () ev1 net? You likely have some spy/ad/pay ware on client machines. See lop.com and others. There's crap traffic on port 53 all the time, I get speedera ping-like traffic on my port 53 several times a day. It's a verifiable swarm but no one at att, verio, uunet, whatever seem to care. My cable ISP told me I could start legal action. Yeah right. This is probably a common occurance. I think you're mixing up two different issues here. Dan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Mystery DNS Changes Hansen, Kevin (Oct 01)
- Re: Mystery DNS Changes Gary Flynn (Oct 01)
- Re: Mystery DNS Changes Brian Eckman (Oct 01)
- Re: Mystery DNS Changes Russell Fulton (Oct 01)
- Re: Mystery DNS Changes Mary Landesman (Oct 01)
- Message not available
- Re: Mystery DNS Changes Mike Tancsa (Oct 01)
- Re: Mystery DNS Changes Gary Flynn (Oct 01)
- Re: Mystery DNS Changes Danny Pansters (Oct 01)
- Re: Mystery DNS Changes Joe Stewart (Oct 02)
- <Possible follow-ups>
- RE: Mystery DNS Changes Brown, James (Jim) (Oct 01)
- RE: Mystery DNS Changes Schmehl, Paul L (Oct 01)
- RE: Mystery DNS Changes David Vincent (Oct 01)
- RE: Mystery DNS Changes tom_gordon (Oct 01)
- RE: Mystery DNS Changes Harris, Michael C. (Oct 01)
- Re: Mystery DNS Changes Paul Tinsley (Oct 01)
- Re: [Snort-sigs] Re: Mystery DNS Changes Paul Tinsley (Oct 02)
- Re: [Snort-sigs] Re: Mystery DNS Changes Paul Schmehl (Oct 03)
- Re: [Snort-sigs] Re: Mystery DNS Changes Paul Tinsley (Oct 03)
- Re: Mystery DNS Changes Paul Tinsley (Oct 01)