Security Incidents mailing list archives

Re: DNS update queries: another sort of suspicious activity.

From: rquinn () SEC SPRINT NET (Rob Quinn)
Date: Mon, 31 Jan 2000 16:19:31 -0500

You are probably going to find a lot more of these entries. By default,
Windows 2000 tries to send a DNS update to its known DNS server whenever it
starts up with a new IP from DHCP or finds its name to IP lookup entry not in
the local DNS zone.


 The big question is, does this mean Win2000's DNS server defaults to allowing
dynamic updates?

This is MS implementation of dynamic DNS. There is some more details on SANS
GIAC pages http://www.sans.org/giac.html


 `htm'. But which link do I want?

--
| Opinions are _mine_, facts                                     Rob Quinn |
| are facts.                                                 (703)689-6582 |
|                                                    rquinn () sec sprint net |
|                                                Sprint Corporate Security |

Current thread:

Re: DNS update queries: another sort of suspicious activity. Flynn, Harold M. III (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. H D Moore (Feb 10)
- <Possible follow-ups>
- Re: DNS update queries: another sort of suspicious activity. Rob Quinn (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Kevin (Sparty) Broderick (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Bill Royds (Feb 01)
- Re: DNS update queries: another sort of suspicious activity. Data_surge (Feb 03)