> We've observed what appear to be attempts to establish a VPN connection to
> our caching-only resolvers. I have commented each of the packet dumps below.
> None of our nameservers provide any VPN services, and never have.
>
> Since I am not a VPN expert, I'm wondering if anyone else can shed some
> light on what might be going on here. Is this just a brain-dead VPN client
> that's making bad assumptions about its resolvers? Or is there something
> more malicious going on? The traffic was picked up after a SYN flood to one
> of the DNS servers led to further investigation.

Hello!

This matter has been previously discussed. Please see
http://lists.jammed.com/incidents/2002/01/0175.html

HTH,

TONI HEINONEN, CISSP
TELEWARE OY
Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
Wireless +358 40 836 1815
Kauppakartanonkatu 7, 00930 Helsinki, Finland
toni.heinonenat_private * www.teleware.fi

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 04 2002 - 10:40:48 PST