Security Incidents mailing list archives

More DNS scans


From: John Pettitt <jpp () CLOUDVIEW COM>
Date: Sun, 18 Feb 2001 21:34:10 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another bunch of DNS scans - is there a new script out to take advantage of
the bind bugs?

This one is another Linux box with the default redhat apache home page on
its web server!

Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
TCP: 203.126.81.2:53 -> 216.103.77.155:53
Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
TCP: 203.126.81.2:53 -> 216.103.77.156:53
Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe:
203.126.81.2:1905 -> 216.103.77.155:53
Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query:
203.126.81.2:1905 -> 216.103.77.155:53


John Pettitt <jpp () cloudview com>  AOL-IM: CanisRosa

SigInt bait ;-)
    A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap.
    Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBOpCwUqdEVMR4hjZYEQLMxwCgzItOBI2QO+yOqH1qpsOYJ5u7qx4Ani/n
pken+1ju12EehzwBAso0+RdM
=ZM9/
-----END PGP SIGNATURE-----
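
The alerts quoted in the message can be correlated per source address. The following is an added example, not part of the original post: it rejoins snort syslog alerts that a mail client has wrapped onto a second line, then groups the alerts aimed at port 53 by source. The names `unwrap` and `summarize` are this example's own.

```python
import re
from collections import defaultdict

# Alert lines from the message above, wrapped as the mail client left them.
SAMPLE = """\
Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
TCP: 203.126.81.2:53 -> 216.103.77.155:53
Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
TCP: 203.126.81.2:53 -> 216.103.77.156:53
Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe:
203.126.81.2:1905 -> 216.103.77.155:53
Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query:
203.126.81.2:1905 -> 216.103.77.155:53
"""

# Syslog prefix that starts every snort alert; anything else is a continuation.
HEAD = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ snort\[\d+\]: ")
IP = r"\d+(?:\.\d+){3}"
FLOW = re.compile(rf"^(?P<sig>.+?):\s+(?P<src>{IP}):(?P<sport>\d+) -> "
                  rf"(?P<dst>{IP}):(?P<dport>\d+)$")

def unwrap(text):
    """Rejoin alerts that were split across lines into one record each."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if HEAD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text, port=53):
    """Group alerts aimed at `port` by source address."""
    hosts = defaultdict(lambda: {"targets": set(), "signatures": set(), "src_ports": set()})
    for record in unwrap(text):
        head = HEAD.match(record)
        flow = FLOW.match(record[head.end():]) if head else None
        if not flow or int(flow["dport"]) != port:
            continue  # not a snort alert, or not aimed at the DNS port
        entry = hosts[flow["src"]]
        entry["targets"].add(flow["dst"])
        entry["signatures"].add(flow["sig"])
        entry["src_ports"].add(int(flow["sport"]))
    return dict(hosts)

if __name__ == "__main__":
    for src, e in summarize(SAMPLE).items():
        print(src, len(e["targets"]), "targets;", sorted(e["signatures"]), sorted(e["src_ports"]))
```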

