Re: Increase in DNS traffic?

From: Simon Delicata (sdelicataat_private)
Date: Wed Aug 08 2001 - 11:49:44 PDT

    Yeah... I've noticed a continually open (2 days+) UDP port from our ISP
    to our DNS server. I chopped the timeouts for idle connections (firewall
    setting), which seems to have helped. I've not read too deeply into
    the ida exploits, but if it tries to do a reverse DNS lookup against IP
    addresses it attacks, this might explain the spike.
    
    Simon D

    "kath" <kath@kathweb.net>
    To: <INCIDENTSat_private>
    cc:
    Subject: Increase in DNS traffic?
    08/08/01 04:49
    
    
    
    
    Anyone see a spike in traffic to port 53?
    
    This is really odd, considering no one really uses this DNS server for
    lookups.
    
    - k
    
    
    ----------------------------------------------------------------------------
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:21:27 PDT