Full Disclosure
mailing list archives
Re: Mystery DNS Changes
From: Danny Pansters <fulldiclosure () ricin com>
Date: Thu, 2 Oct 2003 01:05:39 +0200
On Wednesday 01 October 2003 21:19, Hansen, Kevin wrote:
> We have seen multiple instances where DHCP enabled workstations have
> had their DNS reconfigured to point to two of the three addresses
> listed below. Can anyone else confirm this? Incidents.org is
> reporting an increase in port 53 traffic over the last two days. Are
> we looking at the precursor to the next worm?
>
> 216.127.92.38
> 69.57.146.14
> 69.57.147.175
>
> -KJH

How bout asking admin () ev1 net? You likely have some spy/ad/pay ware on
client machines. See lop.com and others.

There's crap traffic on port 53 all the time, I get speedera ping-like
traffic on my port 53 several times a day. It's a verifiable swarm but
no one at att, verio, uunet, whatever seems to care. My cable ISP told
me I could start legal action. Yeah right. This is probably a common
occurrence.

I think you're mixing up two different issues here.

Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html