Full Disclosure mailing list archives

Re: FW: Question for DNS pros

From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 03 Aug 2004 21:36:24 -0500

--On Wednesday, August 4, 2004 12:04 PM +1000 Ian Latter<Ian.Latter () mq edu au> wrote:


I've been flat out here -- but I've tried to stay on this thread ..

Are you guys sure that this isn't the server end of the
ip-over-dns software (nstxd) trying to get data back to the
now non-existent client?

It would have made it through your statefull kit if it was
initiated from that problem address of yours (Paul), originally.

The address involved is the PAT address for one subnet, so yes, it couldwell have been a conversation initiated by a host on our network, but whenI checked the translation tables were empty. Unfortunately, the logging isso verbose (for translataions) that we don't have it enabled, so we canonly tell if a conversation is active.


In any case, it looks like my surmise about BigIP was correct.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: FW: Question for DNS pros, (continued)
- - - Re: FW: Question for DNS pros John Hall (Aug 04)
    - Re: FW: Question for DNS pros Nils Ketelsen (Aug 04)
    - Re: FW: Question for DNS pros John Hall (Aug 05)
    - Re: FW: Question for DNS pros Mark (Aug 03)
    - Re: FW: Question for DNS pros John Hall (Aug 04)
    - Re: FW: Question for DNS pros Gary E. Miller (Aug 04)
    - Re: FW: Question for DNS pros John Hall (Aug 05)
    - Re: FW: Question for DNS pros Gary E. Miller (Aug 05)
- Re: FW: Question for DNS pros Ian Latter (Aug 03)
- Re: FW: Question for DNS pros Ian Latter (Aug 03)
  - Re: FW: Question for DNS pros Paul Schmehl (Aug 03)
- Re: FW: Question for DNS pros Ian Latter (Aug 03)