nanog mailing list archives
Re: dns.exe virus?
From: bmanning () karoshi com
Date: Mon, 8 Sep 2003 14:36:47 -0700 (PDT)
Christopher J. Wolff wrote:Chris, It was really odd. Here is an example of what the two hosts .3 and .4 were up to.For grins, I ran that through our blacklist tool to see what it coughed up. Nothing was on our blacklists. Had rDNS's like *.google.com, *.akamai.com, sprintbbsd, ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs. DNS resolution loop perchance?
From here, they all show up in the logs attemptin
dynamic updates of the in-addr.arpa domain. :)
Time to suck pkts... although I 'spect they are
trying to perform stupid DNS tricks like:
floss.local.in-addr.arpa. A 10.10.10.10
--bill
Current thread:
- dns.exe virus? Christopher J. Wolff (Sep 08)
- RE: dns.exe virus? Ken Budd (Sep 08)
- RE: dns.exe virus? Stephen J. Wilcox (Sep 08)
- Re: dns.exe virus? Chris Lewis (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- Re: dns.exe virus? Chris Lewis (Sep 08)
- Re: dns.exe virus? bmanning (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- Re: dns.exe virus? Richard Cox (Sep 08)
- RE: dns.exe virus? Ken Budd (Sep 08)