Educause Security Discussion mailing list archives

Re: 360.cn Website
From: Richard Applebee <rapplebee () WESTERNU EDU>
Date: Wed, 28 Nov 2012 00:02:30 +0000

Sorry for not seeing this earlier. I have heard of just such a scheme, namely, using TCP and UDP 53 for non-DNS traffic 
that they (the bad guys) are hoping will not be noticed. Typically, this is used by bots to talk to their command and 
control servers.

Richard Applebee
Network Architect
V (909) 469-5662
F (909) 706-3460
Western University of Health Sciences

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tatum, 
Sent: Monday, November 19, 2012 12:14 PM
Subject: [SECURITY] 360.cn Website

Does anyone know if the 360.cn website, or associated software, is legitimate antivirus and antimalware?

I've noticed some odd traffic heading to qurl.f.360.cn on port 53. They're not DNS queries, but seem to be a large 
payload of encoded data.

Jeff Tatum
Network Admin III, Office of Information Technology
Communications: Network Services

The University of Tennessee
103D6 Kingston Pike Building
2309 Kingston Pike
Knoxville, TN  37996
Phone: 865-974-7424
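
A heuristic for the pattern discussed in this thread (port-53 payloads that are not DNS), added here as an example and not written by either poster: it checks whether a UDP payload seen on port 53 parses as a DNS message. The function names, the thresholds and both sample payloads are constructed for illustration; TCP payloads would first need their 2-byte length prefix removed.

```python
import struct

KNOWN_OPCODES = {0, 1, 2, 4, 5}  # QUERY, IQUERY, STATUS, NOTIFY, UPDATE

# Constructed samples: a query for example.com A/IN, and an arbitrary encoded blob.
SAMPLE_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))
SAMPLE_BLOB = b"U2FtcGxlIGVuY29kZWQgYmxvYiwgbm90IEROUw==" * 4

def read_name(buf, off):
    """Walk one uncompressed domain name; return the offset just past it."""
    total = 0
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of payload")
        length = buf[off]
        off += 1
        if length == 0:
            return off
        if length > 63:  # 64-255: reserved bits or a pointer, not a plain label
            raise ValueError("label length %d is not valid in a question" % length)
        total += length + 1
        if total > 255 or off + length > len(buf):
            raise ValueError("name too long or truncated")
        off += length

def classify_port53_payload(payload):
    """Return (is_dns, reason) for a UDP payload seen on port 53 (heuristic)."""
    if len(payload) < 12:
        return False, "shorter than the 12-byte DNS header"
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in KNOWN_OPCODES:
        return False, "unassigned opcode %d" % opcode
    if flags & 0x0040:
        return False, "reserved Z bit is set"
    if qd == 0 or qd > 4:  # assumed threshold; ordinary queries carry one question
        return False, "implausible question count %d" % qd
    off = 12
    try:
        for _ in range(qd):
            off = read_name(payload, off) + 4  # skip QTYPE and QCLASS
    except ValueError as exc:
        return False, str(exc)
    if off > len(payload):
        return False, "question section truncated"
    if an + ns + ar == 0 and off != len(payload):
        return False, "%d trailing bytes after the question" % (len(payload) - off)
    return True, "parses as DNS"
```

A payload that passes can still be tunnelled data carried inside well-formed queries, so a check like this only separates raw non-DNS traffic from traffic that follows the DNS wire format.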
