From: tmayr at (Thorsten Mayr)
Subject: Malformed dns

Hi guys,

I found some funny stuff on my Firewall-1, maybe you guys got an idea what
could cause it.

// Log excerpt:
"356258" "28Apr2004" "6:38:55" "Multi-product" "*****" "*****" "Log"
"Drop" "domain-udp" "" "" "udp" "0" "domain-udp"
"" "Attack Info: Badly formed DNS"
"356259" "28Apr2004" "6:38:56" "VPN-1 & FireWall-1" "***" "****" "Log"
"Accept" "domain-udp" "" "" "udp" ""
"domain-udp" "" "session_id: 764; dns_query:
(+) (+) (+)
(+) (+) (+)
(+) (+) ; dns_type:

(The **** are our fw hosts...)

Anybody heard about something that is about to DoS * got
loads dropped queries trying to talk to several of their hosts...
Always around midtime - will sniff the packets tomorrow.... There are
quite a lot queries like that.

I am happy for any help on that one.
Though the traffic is caused by one of the servers not running a DNS
service at all.
It used to serve as a SQL server which was shut down recently... Now all
it does is act as a WINS server.
NT 4.0

Thx in advance.

