Nick Drage wrote: > Apologies for adding another "me too", but there's a thread in > comp.security.firewalls, subject "Misconfigured DNS, firewall too tight > or (spoofed?) attack?", discussing the same thing. > > I'd be interested to know what is causing this traffic, my guess in that > Usenet thread was that the person receiving these packets was a fake > source for DNS scanning - but that is, of course, wrong. This has been discussed on a variety of lists the past year, since they began appearing in Feb-March 2001. Have you ever come across a pop-up ad having to do with a camcorder? If you look in your logs at the time this ad appears you will see the list of ip's starting to show.. can't remember the exact name of that ad, though, this technique of load balancing is just plain clumsy since it shouldn't be so visible. http://www.geocrawler.com/archives/3/303/2001/4/150/5628582/ -- Patrick Benson Stockholm, Sweden ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 16:11:34 PST