Security Incidents mailing list archives
Re: New DNS connection with SYN ACK
From: Nick Drage <nickd () demon net>
Date: Mon, 14 Jan 2002 13:00:56 +0000
On Fri, Jan 11, 2002 at 07:47:17PM +0100, Richard Arends wrote:
On 11 Jan 2002, Jerry Perser wrote:Here are the 19 ip addresses: 128.121.10.146 128.242.105.34 129.250.244.10 193.148.15.128 194.205.125.26 194.213.64.150 202.139.133.129 203.194.166.182 203.81.45.254 216.220.39.42 216.33.35.214 216.34.68.2 216.35.167.58 62.23.80.2 62.26.119.34 64.14.200.154 64.37.200.46 64.56.174.186 64.78.235.14I'm getting scans for port 53 from the same ip's ! and tracking system please see: http://aris.securityfocus.com
Apologies for adding another "me too", but there's a thread in comp.security.firewalls, subject "Misconfigured DNS, firewall too tight or (spoofed?) attack?", discussing the same thing. I'd be interested to know what is causing this traffic, my guess in that Usenet thread was that the person receiving these packets was a fake source for DNS scanning - but that is, of course, wrong. -- Nick Drage - Security Architecture - Demon Internet "A lonely voice Echoing through the wilderness Request Timed Out" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New DNS connection with SYN ACK Jerry Perser (Jan 11)
- Re: New DNS connection with SYN ACK Richard Arends (Jan 11)
- Re: New DNS connection with SYN ACK Nick Drage (Jan 14)
- Re: New DNS connection with SYN ACK Patrick Benson (Jan 14)
- Re: New DNS connection with SYN ACK Nick Drage (Jan 14)
- RE: New DNS connection with SYN ACK Dan Hawrylkiw (Jan 14)
- RE: New DNS connection with SYN ACK Jason Dixon (Jan 14)
- Re: New DNS connection with SYN ACK John Hall (Jan 15)
- Unusual DNS requests (not related to previous DNS thread) measl (Jan 15)
- Re: Unusual DNS requests (not related to previous DNS thread) Ryan Russell (Jan 15)
- Re: Unusual DNS requests (not related to previous DNS thread) measl (Jan 17)
- Re: Unusual DNS requests (not related to previous DNS thread) Greg A. Woods (Jan 18)
- RE: New DNS connection with SYN ACK Jason Dixon (Jan 14)
- Re: Unusual DNS requests (not related to previous DNS thread) Greg A. Woods (Jan 15)
- Re: New DNS connection with SYN ACK Richard Arends (Jan 11)
- <Possible follow-ups>
- RE: New DNS connection with SYN ACK Cloppert, Michael (Jan 14)