Security Incidents mailing list archives
Re: version.bind request
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Wed, 30 May 2001 16:02:25 +1200 (NZST)
On Tue, 29 May 2001 16:34:51 -0400 "Portnoy, Gary" <gportnoy () belenosinc com> wrote:
Greetings. I have Snort configured to alert on version.bind queries and the following is what i've been seeing. In the last week, I've seen about 10 version.bind queries to seemingly random IP's on my subnet.
I got so fed up with these a couple of weeks ago that I commented out the snort rule. I assume these are yet another worm doing random probing, I'm currently seeing about 120 machine probing random addresses on our network with udp-53 (yes, they are the same as the ones you list). Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand
Current thread:
- version.bind request Portnoy, Gary (May 29)
- Re: version.bind request Russell Fulton (May 30)
- <Possible follow-ups>
- RE: version.bind request Jeff Calvert (May 30)