Security Incidents mailing list archives
Re: Increase in DNS traffic?
From: "Simon Delicata" <sdelicata () planer co uk>
Date: Wed, 8 Aug 2001 19:49:44 +0100
Yeah... I've noticed a continually open ( 2 days +) UDP port from our ISP to our DNS server. I chopped the timeouts for idle connections (firewall setting), which has seemed to have helped. I've not read too deeply into the ida exploits, but if it tries to do a reverse DNS lookup against IP addresses it attacks, this might explain the spike Simon D "kath" <kath@kathweb To: <INCIDENTS () SECURITYFOCUS COM> .net> cc: Subject: Increase in DNS traffic? 08/08/01 04:49 Anyone see a spike in traffic to port 53? This is really odd, considering noone really uses this DNS server for lookups. - k ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Increase in DNS traffic? kath (Aug 08)
- Re: Increase in DNS traffic? measl (Aug 09)
- <Possible follow-ups>
- Re: Increase in DNS traffic? Simon Delicata (Aug 09)