Security Incidents mailing list archives
Re: Microsoft version.binding us now?
From: billm () DANGER MS (Bill Marquette)
Date: Thu, 1 Jun 2000 07:07:33 -0500
I've already sent email to the tech people at F5 asking if their product does this in normal operation. As I find out information I'll definately post it here. We may end up using our corporate weight with Microsoft to dig into this a little farther. I hate to just outright dig at Microsoft, but this is ridiculous, there's no reason for their product to do this unless it's broken. Query types of TXT w/ a class of CHAOS and a query of "VERSION.BIND" doesn't exactly "just happen" from a malformed packet. --Bill --billm () danger ms ----- Original Message ----- From: "Klaus Steding-Jessen" <jessen () NIC BR> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Tuesday, May 30, 2000 10:18 AM Subject: Re: Microsoft version.binding us now? <snip>
From: ITG Information Security Center <infosec () microsoft com> Sender: Greg Galford <ggalford () microsoft com> Subject: FW: SECURITY: Hacking activity from your domain Date: Fri, 26 May 2000 07:31:42 -0700 X-Mailer: Internet Mail Service (5.5.2651.58) Hi, these packets you are seeing are not probes, but are coming from an F5 networks product, 3dns (see: http://www.f5.com/3dns/index.html).[snip] Hard to believe that 3dns is using version.bind probes to collect RTT information. Can anyone confirm this? Klaus.
Current thread:
- Re: Microsoft version.binding us now? Fernando Cardoso (May 30)
- <Possible follow-ups>
- Re: Microsoft version.binding us now? Klaus Steding-Jessen (May 30)
- Re: Microsoft version.binding us now? Bill Marquette (Jun 01)
- Re: Microsoft version.binding us now? Thijs Eilander (May 30)
- Re: Microsoft version.binding us now? Bill Marquette (Jun 01)
- Re: Microsoft version.binding us now? Richard Bejtlich (Jun 02)
- Scan of the Week continued Lance Spitzner (Jun 03)
- very strange scan patterns Joe H (Jun 05)
- Re: very strange scan patterns John Kristoff (Jun 05)
- Sub-7 Khan, Mansoor (Jun 05)
- Re: Sub-7 James Stevenson (Jun 08)
- Re: Sub-7 Matthew F. Caldwell (Jun 08)
- Re: Sub-7 nine (Jun 08)