Full Disclosure mailing list archives
Re: FW: Question for DNS pros
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 03 Aug 2004 21:36:24 -0500
--On Wednesday, August 4, 2004 12:04 PM +1000 Ian Latter <Ian.Latter () mq edu au> wrote:
The address involved is the PAT address for one subnet, so yes, it could well have been a conversation initiated by a host on our network, but when I checked the translation tables were empty. Unfortunately, the logging is so verbose (for translations) that we don't have it enabled, so we can only tell if a conversation is active.

I've been flat out here -- but I've tried to stay on this thread .. Are you guys sure that this isn't the server end of the ip-over-dns software (nstxd) trying to get data back to the now non-existent client? It would have made it through your stateful kit if it was initiated from that problem address of yours (Paul), originally.

In any case, it looks like my surmise about BigIP was correct.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu