Security Incidents mailing list archives

Re: Increase in DNS traffic?


From: "Simon Delicata" <sdelicata () planer co uk>
Date: Wed, 8 Aug 2001 19:49:44 +0100


Yeah... I've noticed a continually open (2 days+) UDP port from our ISP
to our DNS server. I chopped the timeouts for idle connections (firewall
setting), which seems to have helped. I've not read too deeply into
the ida exploits, but if it tries to do a reverse DNS lookup against IP
addresses it attacks, this might explain the spike.

Simon D



"kath" <kath@kathweb.net>
08/08/01 04:49

To: <INCIDENTS () SECURITYFOCUS COM>
cc:
Subject: Increase in DNS traffic?




Anyone see a spike in traffic to port 53?

This is really odd, considering no one really uses this DNS server for
lookups.

- k


----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




