<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Incidents: Re: Microsoft version.binding us now?

Re: Microsoft version.binding us now?

From: Richard Bejtlich <bejtlich_at_ALTAVISTA.NET>
Date: Sat, 3 Jun 2000 01:08:43 -0000

Hello,

Great work tracking this 3DNS signature! When I looked at
3DNS' F5 signatures last year, I found them using null 64
byte SYN packets to local name servers to try to test
latency. Actual polls for BIND versions is very
interesting -- are the incoming packets TCP? The vendor
said "It looks like an aborted zone transfer
normally, or a dns look-up that went wrong"; that sounds
like TCP to me. Also, are your machines responding?

Richard Bejtlich

--
Same here, every +/- 4 minutes they poll for our 
VERSION.BIND. I resolved
one of the ipnumbers to something.windowsupdate.com and I 
contacted the
technical contacts.

Received on Jun 05 2000

This message: [ Message body ]
Next message: Joe H: "very strange scan patterns"
Previous message: Tom Kee: "Re: Microsoft version.binding us now?"
In reply to: Thijs Eilander: "Re: Microsoft version.binding us now?"
Next in thread: Joe H: "very strange scan patterns"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos