Security Incidents mailing list archives
Re: DNS update queries: another sort of suspicious activity.
From: rquinn () SEC SPRINT NET (Rob Quinn)
Date: Mon, 31 Jan 2000 16:19:31 -0500
You are probably going to find a lot more of these entries. By default, Windows 2000 tries to send a DNS update to its known DNS server whenever it starts up with a new IP from DHCP or finds its name to IP lookup entry not in the local DNS zone.
The big question is, does this mean Win2000's DNS server defaults to allowing dynamic updates?
This is MS implementation of dynamic DNS. There is some more details on SANS GIAC pages http://www.sans.org/giac.html
`htm'. But which link do I want? -- | Opinions are _mine_, facts Rob Quinn | | are facts. (703)689-6582 | | rquinn () sec sprint net | | Sprint Corporate Security |
Current thread:
- Re: DNS update queries: another sort of suspicious activity. Flynn, Harold M. III (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. H D Moore (Feb 10)
- <Possible follow-ups>
- Re: DNS update queries: another sort of suspicious activity. Rob Quinn (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Kevin (Sparty) Broderick (Jan 31)
- Re: DNS update queries: another sort of suspicious activity. Bill Royds (Feb 01)
- Re: DNS update queries: another sort of suspicious activity. Data_surge (Feb 03)