Re: New DNS connection with SYN ACK

From: Patrick Benson (bensonat_private)
Date: Mon Jan 14 2002 - 12:26:36 PST

  • Next message: measlat_private: "Unusual DNS requests (not related to previous DNS thread)"

    Nick Drage wrote:
    
    > Apologies for adding another "me too", but there's a thread in
    > comp.security.firewalls, subject "Misconfigured DNS, firewall too tight
    > or (spoofed?) attack?", discussing the same thing.
    > 
    > I'd be interested to know what is causing this traffic, my guess in that
    > Usenet thread was that the person receiving these packets was a fake
    > source for DNS scanning - but that is, of course, wrong.
    
    This has been discussed on a variety of lists the past year, since they
    began appearing in Feb-March 2001. Have you ever come across a pop-up ad
    having to do with a camcorder? If you look in your logs at the time this
    ad appears you will see the list of ip's starting to show.. can't
    remember the exact name of that ad, though, this technique of load
    balancing is just plain clumsy since it shouldn't be so visible.
    
    http://www.geocrawler.com/archives/3/303/2001/4/150/5628582/
    
    -- 
    Patrick Benson
    Stockholm, Sweden
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 16:11:34 PST