Security Incidents mailing list archives

Re: unapproved update from [166.93.60.5].61946


From: cbrenton () SOVER NET (Chris Brenton)
Date: Sat, 20 May 2000 06:19:25 -0400


Teri Bidwell wrote:

I've correlated these to Windows 2000 boxes at a previous
employer. They appear to be trying to do DDNS with their
DNS server whether it's an MS Active Directory DNS server or not.

Do a:
TCP/IP Properties --> Advanced --> DNS

At the bottom of the screen, uncheck "Register this connection's
addresses in DNS". I believe this is turned on by default.

Other than generating superfluous traffic I have not found them
to actually do any harm.

Depends how many of them you have. Given enough systems, this can make a
pretty effective DoS as the boxes are *very* persistent in trying to
register.

HTH,
Chris

--
**************************************
cbrenton () sover net

* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/
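
Added example (not part of the original message or thread): a way to tell from name server logs which clients are persistently retrying rejected dynamic updates, so the registration checkbox can be cleared on those hosts first. Only the "unapproved update from [ip].port" text comes from the thread subject; the syslog prefix, the trailing zone name, the 192.0.2.17 host, and the window and threshold values are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text as in the thread subject: "unapproved update from [ip].port".
# The syslog-style timestamp prefix is an assumed layout.
UPDATE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"unapproved update from \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\.(?P<port>\d+)"
)

# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    "May 20 06:00:01 ns1 named[411]: unapproved update from [166.93.60.5].61946 for example.com",
    "May 20 06:02:10 ns1 named[411]: unapproved update from [166.93.60.5].61950 for example.com",
    "May 20 06:05:30 ns1 named[411]: unapproved update from [166.93.60.5].61957 for example.com",
    "May 20 06:06:00 ns1 named[411]: unapproved update from [192.0.2.17].1042 for example.com",
    "May 20 06:09:59 ns1 named[411]: unapproved update from [166.93.60.5].61961 for example.com",
    "May 20 07:30:00 ns1 named[411]: unapproved update from [192.0.2.17].1050 for example.com",
    "May 20 07:31:00 ns1 named[411]: Lame server on 'example.net'",
]

def parse(lines, year=2000):
    """Yield (timestamp, source_ip) for each rejected dynamic update."""
    for line in lines:
        m = UPDATE_RE.search(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def persistent_sources(lines, window=timedelta(minutes=10), threshold=3):
    """Return {ip: peak attempts in any window} for sources at or over threshold."""
    by_ip = defaultdict(list)
    for ts, ip in parse(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in persistent_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} rejected updates within 10 minutes")
```
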


