Security Incidents mailing list archives

Re: Bogus DNS traffic

From: Brian Collins <listbc () newnanutilities org>
Date: Wed, 22 Oct 2003 16:50:00 -0400

  I'm seeing random UDP packets to port 53 of random
internal IP addresses.  The source IP addresses are
external, all over the map, although the one example
I've gotten a good capture of bore the source MAC
address of an internal server.  (Whatever is spoofing
the IP address *could* be spoofing the MAC address, but
that would still indicate an origin inside our network....)

  Does anyone recognize this?


Check here...
http://isc.sans.org/diary.html

What you're seeing might be the same.
--Brian Collins


---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------

Current thread:

Need help to find web server attacks signature Maxime Ducharme (Oct 22)
- Re: Need help to find web server attacks signature Muhammad Naseer (Oct 22)
  - Re: Need help to find web server attacks signature Fatih Özavcı (Oct 23)
- Bogus DNS traffic David Gillett (Oct 22)
  - RE: Bogus DNS traffic Mike Anderson (Oct 23)
    - RE: Bogus DNS traffic David Gillett (Oct 23)
  - Re: Bogus DNS traffic Brian Collins (Oct 23)
  - Re: Bogus DNS traffic Robert Lowe (Oct 23)
  - Re: [despammed] Bogus DNS traffic whiplash (Oct 24)
- RE: Need help to find web server attacks signature Mike Brownbill (Oct 23)
- Re: Need help to find web server attacks signature Tri Huynh (Oct 24)