On Tue, 29 May 2001 16:34:51 -0400 "Portnoy, Gary" <gportnoyat_private> wrote: > Greetings. > > I have Snort configured to alert on version.bind queries and the following > is what i've been seeing. > In the last week, I've seen about 10 version.bind queries to seemingly > random IP's on my subnet. I got so fed up with these a couple of weeks ago that I commented out the snort rule. I assume these are yet another worm doing random probing, I'm currently seeing about 120 machine probing random addresses on our network with udp-53 (yes, they are the same as the ones you list). Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 07:19:41 PDT