Security Incidents: Bogus DNS traffic

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Bogus DNS traffic

From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 22 Oct 2003 12:38:51 -0700

  I'm seeing random UDP packets to port 53 of random
internal IP addresses.  The source IP addresses are
external, all over the map, although the one example
I've gotten a good capture of bore the source MAC
address of an internal server.  (Whatever is spoofing
the IP address *could* be spoofing the MAC address, but
that would still indicate an origin inside our network....)

  Does anyone recognize this?

David Gillett



---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------

By Date By Thread

Current thread:

Need help to find web server attacks signature Maxime Ducharme (Oct 22)
- Re: Need help to find web server attacks signature Muhammad Naseer (Oct 22)
  - Re: Need help to find web server attacks signature Fatih Özavcı (Oct 23)
- Bogus DNS traffic David Gillett (Oct 22)
  - RE: Bogus DNS traffic Mike Anderson (Oct 23)
    - RE: Bogus DNS traffic David Gillett (Oct 23)
  - Re: Bogus DNS traffic Brian Collins (Oct 23)
  - Re: Bogus DNS traffic Robert Lowe (Oct 23)
  - Re: [despammed] Bogus DNS traffic whiplash (Oct 24)