NT Compromise -- Update -- SRC PORT: 53 traffic

• Previous message: Matthew D. Close: "Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog"
• Next in thread: Bill Royds: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Reply: Bill Royds: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Reply: Joep Gommers: "Re: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I should mention that the packets were flooding our DNS server, enough
traffic to saturate and bring down our T1. Please note that again, the
port 53 was not the DST port, rather, the SRC port of each packet.


-- 


============================================================
Loki
Founder, Chief Research Scientist
Fate Research Labs
United States VPN Division
------------------------------------------------------------
[w] http://www.fatelabs.com
[e] lokiat_private
[p] +1 412 303 3115
------------------------------------------------------------
"Ipsa Scientia Potestas Est" Knowledge itself is power.
============================================================


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: Mike Lewinski: "Re: NT Compromise -- UPDATE (UDP Flood SRC=53)"
• Previous message: Matthew D. Close: "Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog"
• Next in thread: Bill Royds: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Reply: Bill Royds: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Reply: Joep Gommers: "Re: NT Compromise -- Update -- SRC PORT: 53 traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 24 2001 - 12:47:09 PST