> -----Original Message-----
> From: S.Waterhouse@ST-JEAN.RMC.CA
> [mailto:S.Waterhouse@ST-JEAN.RMC.CA]
> Sent: Wednesday, 20 August 2003 7:03 a.m.
> To: incidentsat_private
> Subject: Unusual DNS and port 37 requests
> Importance: High
>
>
> 1. For the past hours, we've monitored massive DNS lookups
> initiated from the inside to outside for resolution, enough
> to flood the link, therefore slowing the pace at which we can
> work. Have any of you seen this kind of behaviour? One
> company is currently monitoring the same situation elsewhere,
> same criteria.
>
> 2. And in between the previous point, we have many requests
> asking for time updates on port 37, which I never saw before.
> Any ideas?
>
> 3. Have a nice day to all

Nice day or not, I've been fighting Sobig-F the whole day :)

Both requests that you've seen come from Sobig-F and I can see that traffic as well.

This one spreads like hell, be sure to check your e-mail servers. Also, one precaution - I had to turn off all message notifications for recipients as the worm makes a huge amount of traffic.

Regards,

Bojan Zdrnja
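The two symptoms reported in this thread (heavy inside-to-outside DNS lookups and time requests on port 37) can be correlated per internal host to find machines to check. The following is an added example, not part of the original messages; the flow-record format, the internal address range, the threshold and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
DNS_THRESHOLD = 5                    # assumption: tune to the site's normal baseline

# Constructed sample records in a hypothetical format: "epoch src dst proto dport"
SAMPLE_FLOWS = "\n".join(
    [f"{1061388000 + i} 10.1.2.15 198.51.100.53 udp 53" for i in range(6)]
    + ["1061388010 10.1.2.15 192.0.2.37 udp 37",
       "1061388011 10.1.2.15 203.0.113.37 udp 37",
       "1061388012 10.1.2.20 198.51.100.53 udp 53",   # DNS only, low volume
       "1061388013 10.1.2.30 192.0.2.37 tcp 37",      # port 37 only
       "1061388014 10.1.2.40 10.0.0.53 udp 53",       # internal resolver, ignored
       "garbled line"]                                # malformed, skipped
)

def suspicious_hosts(flow_text, dns_threshold=DNS_THRESHOLD, internal=INTERNAL):
    """Return internal hosts that sent outbound port 37 requests AND at
    least dns_threshold outbound DNS queries in the supplied window."""
    dns_count = defaultdict(int)
    time_peers = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, _proto, dport = fields
        try:
            src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue
        # Only inside-to-outside traffic matches the behaviour described.
        if src_ip not in internal or dst_ip in internal:
            continue
        if port == 53:
            dns_count[src] += 1
        elif port == 37:
            time_peers[src].add(dst)
    return {
        host: {"dns_queries": dns_count[host],
               "time_servers": sorted(time_peers[host])}
        for host in time_peers
        if dns_count[host] >= dns_threshold
    }

if __name__ == "__main__":
    for host, detail in suspicious_hosts(SAMPLE_FLOWS).items():
        print(host, detail)
```
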
This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 16:26:25 PDT