Security Incidents mailing list archives

Re: unapproved update from [166.93.60.5].61946

From: tkbidwell () NEXTLINK COM (Teri Bidwell)
Date: Thu, 18 May 2000 16:33:56 -0500


I've coorelated these to windows 2000 boxes at a previous
employer.   They appear to be trying to do DDNS with their
DNS server whether it's a MS  active-directory DNS server or not.
Other than generating superfluous traffic I have not found them
to actually do any harm.

teri

James Ankenbrandt <anken () IX NETCOM COM>@SECURITYFOCUS.COM> on 05/17/2000
01:50:19 PM

Please respond to James Ankenbrandt <anken () IX NETCOM COM>

Sent by:  Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM>

To:   INCIDENTS () SECURITYFOCUS COM
cc:

Subject:  unapproved update from [166.93.60.5].61946

I have been getting these for several days:

May 17 14:17:17 mail named[69]: unapproved update from [166.93.60.5].61946
for [mydomain deleted].com

What would anyone suggest?  I *assume* they are hostile,
but what to do?  As a relative newbie I would be grateful
for suggestions and/or pointers in the correct direction

Jim

Current thread:

Re: unapproved update from [166.93.60.5].61946 Teri Bidwell (May 18)
- Re: unapproved update from [166.93.60.5].61946 Chris Brenton (May 20)
- <Possible follow-ups>
- Re: unapproved update from [166.93.60.5].61946 Suzanne.Hernandez () GUNTER AF MIL (May 19)