lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: tmayr at kitcon.net (Thorsten Mayr)
Subject: Malformed dns

Hi guys,

I found some funny stuff on my firewall-1, maybe u guys got n idea what
could cause it.

// Log excerp:
"356258" "28Apr2004" "6:38:55" "Multi-product" "*****" "*****" "Log"
"Drop" "domain-udp" "10.118.100.2" "216.73.86.10" "udp" "0" "domain-udp"
"" "Attack Info: Badly formed DNS"
"356259" "28Apr2004" "6:38:56" "VPN-1 & FireWall-1" "***" "****" "Log"
"Accept" "domain-udp" "10.118.100.2" "216.73.86.10" "udp" ""
"domain-udp" "" "session_id: 764; dns_query: ebay.doubleclick.net
(+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net
(+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net
(+)ebay.doubleclick.net (+)ebay.doubleclick.net ; dns_type:
A(+)A(+)A(+)A(+)A(+)A(+)A(+)A(+)A"
//end

(The **** are our fw hosts...)

Anybody heard about somewhat that is about to DoS *.doubleclick.net? got
loads dropped querries trying to talk to several of their hosts...
Always around midtime - will sniff the packets tomorrow.... There are
quite a lot querries like that.

I am happy for any help on that one.
Though the traffic is caused from one of the servers not running a dns
service at all.
It used to serve as a SQL server which was shut down recently... Now all
it does is act as a wins server.
Nt 4.0

Thx in advance.

Regards
Thorsten 



Powered by blists - more mailing lists