RE: VPN connection attempts to resolvers?

From: Toni Heinonen (Toni.Heinonenat_private)
Date: Thu Apr 04 2002 - 08:54:05 PST

    > We've observed what appear to be attempts to establish a VPN connection to
    > our caching-only resolvers. I have commented each of the packet dumps below.
    > None of our nameservers provide any VPN services, and never have.
    >
    > Since I am not a VPN expert, I'm wondering if anyone else can shed some
    > light on what might be going on here. Is this just a brain-dead VPN client
    > that's making bad assumptions about its resolvers? Or is there something
    > more malicious going on? The traffic was picked up after a SYN flood to one
    > of the DNS servers led to further investigation.
    
    Hello!
    
    This matter has been previously discussed. Please see
    http://lists.jammed.com/incidents/2002/01/0175.html
    
    HTH,
    TONI HEINONEN, CISSP
       TELEWARE OY
       Telephone  +358 (9) 3434 9123  *  Fax  +358 (9) 3431 321
       Wireless  +358 40 836 1815
       Kauppakartanonkatu 7, 00930 Helsinki, Finland
       toni.heinonenat_private  *  www.teleware.fi
    



    This archive was generated by hypermail 2b30 : Thu Apr 04 2002 - 10:40:48 PST