Security Incidents mailing list archives

Re: New DNS connection with SYN ACK


From: Patrick Benson <benson () chello se>
Date: Mon, 14 Jan 2002 21:26:36 +0100

Nick Drage wrote:

> Apologies for adding another "me too", but there's a thread in
> comp.security.firewalls, subject "Misconfigured DNS, firewall too tight
> or (spoofed?) attack?", discussing the same thing.
>
> I'd be interested to know what is causing this traffic, my guess in that
> Usenet thread was that the person receiving these packets was a fake
> source for DNS scanning - but that is, of course, wrong.

This has been discussed on a variety of lists the past year, since they
began appearing in Feb-March 2001. Have you ever come across a pop-up ad
having to do with a camcorder? If you look in your logs at the time this
ad appears, you will see the list of IPs starting to show... can't
remember the exact name of that ad, though. This technique of load
balancing is just plain clumsy since it shouldn't be so visible.

http://www.geocrawler.com/archives/3/303/2001/4/150/5628582/

-- 
Patrick Benson
Stockholm, Sweden
