Security Incidents mailing list archives
FW: intrusion?
From: "Hoffman, Micah (NCI)" <hoffmanm () MAIL NIH GOV>
Date: Mon, 13 Nov 2000 14:44:42 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First time posting here. We have a number of Solaris 7 computers that are generating the following nslookups at random times throughout the day/night. I have done a snoop on them and captured a bunch o'packets. The basics look like this:

ourcomputer -> ournameserver DNS C 5.78.158.194.in-addr.arpa. Internet PTR ?
ournameserver -> ourcomputer DNS R 5.78.158.194.in-addr.arpa. Internet PTR www.ev.ad.
ourcomputer -> ournameserver DNS C www.ev.ad. Internet Addr ?
ournameserver -> ourcomputer DNS R www.ev.ad. Internet Addr 194.158.78.2

Has anyone seen this before?

- ---
Micah Hoffman

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOhBFH+AizQz0OrF/EQIy7gCg2RWTn3h1BgkEgphPccEMhYAR07YAn1tu
wcBJD0njTuiI3+N6ydwTiZSE
=AX3z
-----END PGP SIGNATURE-----
Current thread:
- FW: intrusion? Hoffman, Micah (NCI) (Nov 14)