Security Incidents mailing list archives
DNS Probes
From: damian () ITACTICS COM (Damian Gerow)
Date: Mon, 1 May 2000 09:55:47 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I received these probes over the weekend:

Apr 29 11:16:42 <hostname> kernel: Packet log: badflag DENY eth0 PROTO=TCP 196.33.125.252:53 xxx.xxx.xxx.xxx:53 L=40:20:0 S=0x00 I=39426:499048310:136926042 T=24 .SF...
Apr 29 11:17:51 <hostname> kernel: Packet log: badflag DENY eth0 PROTO=TCP 216.5.194.194:53 xxx.xxx.xxx.xxx:53 L=40:20:0 S=0x00 I=39426:2066206424:141405416 T=24 .SF...

This is all fine and dandy, but... the second one is coming from a machine that runs the Microsoft Exchange Mail Server. I know that the source IP could have been spoofed, but is it possible that there is a DNS exploit from Windows now?

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOQ2MP/WPEBDMsfC4EQJfrwCgrlDi9+/34NW1m4lsdnTsfsos8MQAoPZk
AmmuJCiNJIbrq8GHHNpLfK72
=54tr
-----END PGP SIGNATURE-----
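An added example, not part of the original message: a small Python parser for the two log entries quoted above that flags SYN+FIN packets and groups them by header values shared across different source addresses, which is one way to weigh the spoofing question. The field meanings (I= as IP ID followed by sequence and acknowledgement numbers, T= as TTL, the trailing string as a TCP flag mask) are assumptions about this non-standard log layout, and the third sample line is constructed.

```python
import re
from collections import defaultdict

# Field meanings are assumptions: the standard ipchains log has L=length,
# S=TOS, I=IP ID, T=TTL; the extra ":"-separated values and the trailing
# flag string come from a non-standard logging patch and are read here as
# I=<ip id>:<seq>:<ack> and a six-character TCP flag mask (S=SYN, F=FIN).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\S+) (?P<src>[^\s:]+):(?P<sport>\d+) "
    r"(?P<dst>[^\s:]+):(?P<dport>\d+) L=\S+ S=\S+ "
    r"I=(?P<ipid>\d+)\S* T=(?P<ttl>\d+) (?P<flags>[.A-Z]{6})"
)

# The first two lines are the entries quoted in the message; the third is a
# constructed ordinary SYN for contrast.
SAMPLE = """\
Apr 29 11:16:42 <hostname> kernel: Packet log: badflag DENY eth0 PROTO=TCP 196.33.125.252:53 xxx.xxx.xxx.xxx:53 L=40:20:0 S=0x00 I=39426:499048310:136926042 T=24 .SF...
Apr 29 11:17:51 <hostname> kernel: Packet log: badflag DENY eth0 PROTO=TCP 216.5.194.194:53 xxx.xxx.xxx.xxx:53 L=40:20:0 S=0x00 I=39426:2066206424:141405416 T=24 .SF...
Apr 29 11:20:03 <hostname> kernel: Packet log: input DENY eth0 PROTO=TCP 192.0.2.10:1042 xxx.xxx.xxx.xxx:53 L=44:20:0 S=0x00 I=5121:7734:0 T=52 .S....
"""

def parse(text):
    """Return one dict per log line that matches the assumed layout."""
    return [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]

def syn_fin(pkt):
    """SYN and FIN together is not a combination a normal TCP stack sends."""
    return "S" in pkt["flags"] and "F" in pkt["flags"]

def shared_fingerprints(packets):
    """Group SYN+FIN packets by (IP ID, TTL, source port) and keep groups
    seen from more than one source address: identical header values across
    sources suggest one packet-crafting tool rather than independent hosts."""
    groups = defaultdict(set)
    for p in filter(syn_fin, packets):
        groups[(int(p["ipid"]), int(p["ttl"]), int(p["sport"]))].add(p["src"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for key, sources in shared_fingerprints(parse(SAMPLE)).items():
        print("ip_id=%d ttl=%d sport=%d sources=%s" % (*key, sources))
```

On the two quoted entries this reports a single group: both source addresses share IP ID 39426, TTL 24 and source port 53.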