Yeah... I've noticed a continually open ( 2 days +) UDP port from our ISP to our DNS server. I chopped the timeouts for idle connections (firewall setting), which has seemed to have helped. I've not read too deeply into the ida exploits, but if it tries to do a reverse DNS lookup against IP addresses it attacks, this might explain the spike Simon D "kath" <kath@kathweb To: <INCIDENTSat_private> .net> cc: Subject: Increase in DNS traffic? 08/08/01 04:49 Anyone see a spike in traffic to port 53? This is really odd, considering noone really uses this DNS server for lookups. - k ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:21:27 PDT