lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200310020105.39542.fulldiclosure@ricin.com>
From: fulldiclosure at ricin.com (Danny Pansters)
Subject: Mystery DNS Changes

On Wednesday 01 October 2003 21:19, Hansen, Kevin wrote:
> We have seen multiple instances where DHCP enabled workstations have
> had their DNS reconfigured to point to two of the three addresses
> listed below. Can anyone else confirm this? Incidents.org is
> reporting an increase in port 53 traffic over the last two days. Are
> we looking at the precursor to the next worm?
>
> 216.127.92.38
> 69.57.146.14
> 69.57.147.175
>
> -KJH
>

How bout asking admin@....net? You likely have some spy/ad/pay ware on 
client machines. See lop.com and others.

There's crap traffic on port 53 all the time, I get speedera ping-like 
traffic on my port 53 several times a day. It's a verifiable swarm but 
no one at att, verio, uunet, whatever seem to care. My cable ISP told 
me I could start legal action. Yeah right. This is probably a common 
occurance.

I think you're mixing up two different issues here.

Dan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ