Security Incidents mailing list archives

FW: intrusion?


From: "Hoffman, Micah (NCI)" <hoffmanm () MAIL NIH GOV>
Date: Mon, 13 Nov 2000 14:44:42 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First time posting here.

We have a number of Solaris 7 computers that are generating the following
nslookups at random times throughout the day/night.  I have done a snoop on
them and captured a bunch o'packets.  The basics look like this:

ourcomputer -> ournameserver   DNS C 5.78.158.194.in-addr.arpa. Internet PTR ?
  ournameserver -> ourcomputer  DNS R 5.78.158.194.in-addr.arpa. Internet PTR www.ev.ad.
ourcomputer  -> ournameserver  DNS C www.ev.ad. Internet Addr ?
  ournameserver -> ourcomputer  DNS R www.ev.ad. Internet Addr 194.158.78.2

Has anyone seen this before?

- --- Micah Hoffman

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOhBFH+AizQz0OrF/EQIy7gCg2RWTn3h1BgkEgphPccEMhYAR07YAn1tu
wcBJD0njTuiI3+N6ydwTiZSE
=AX3z
-----END PGP SIGNATURE-----
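
An added example, not part of the original post: a Python sketch that parses snoop DNS summary lines of the shape quoted above, recovers the IPv4 address behind each in-addr.arpa query, and checks whether the later forward answer for the returned name matches that address. The regular expression and the function names are assumptions made for this illustration, and the sample is the post's four lines with the mail line-wrapping undone.

```python
import ipaddress
import re

# Constructed sample: the four snoop summary lines from the post, unwrapped.
SAMPLE = """\
ourcomputer -> ournameserver   DNS C 5.78.158.194.in-addr.arpa. Internet PTR ?
  ournameserver -> ourcomputer  DNS R 5.78.158.194.in-addr.arpa. Internet PTR www.ev.ad.
ourcomputer  -> ournameserver  DNS C www.ev.ad. Internet Addr ?
  ournameserver -> ourcomputer  DNS R www.ev.ad. Internet Addr 194.158.78.2
"""

# Assumed line shape: "<src> -> <dst> DNS <C|R> <name> Internet <PTR|Addr> <data>"
LINE = re.compile(
    r"^\s*(?P<src>\S+)\s*->\s*(?P<dst>\S+)\s+DNS\s+(?P<kind>[CR])\s+"
    r"(?P<name>\S+)\s+Internet\s+(?P<rtype>PTR|Addr)\s+(?P<data>\S+)\s*$"
)

def ptr_name_to_ip(name):
    """Turn '5.78.158.194.in-addr.arpa.' into IPv4Address('194.158.78.5')."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        raise ValueError(f"not a full IPv4 reverse name: {name!r}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))

def correlate(text):
    """Pair each PTR answer with the later forward (Addr) answer for that name."""
    ptr = {}       # hostname -> address whose reverse lookup returned it
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m["kind"] != "R":      # only responses carry answer data
            continue
        if m["rtype"] == "PTR":
            ptr[m["data"].rstrip(".").lower()] = ptr_name_to_ip(m["name"])
        else:
            host = m["name"].rstrip(".").lower()
            if host in ptr:
                fwd = ipaddress.IPv4Address(m["data"])
                results.append({"looked_up": ptr[host], "ptr_name": host,
                                "forward": fwd, "match": fwd == ptr[host]})
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE):
        print(f"{r['looked_up']} -> {r['ptr_name']} -> {r['forward']} "
              f"({'match' if r['match'] else 'MISMATCH'})")
```

Run on the post's lines, this reports that the address being reverse-resolved is 194.158.78.5, while www.ev.ad. resolves forward to 194.158.78.2, so the two lookups do not confirm each other.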

