lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200408040337.i743bnU28350@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: FW: Question for DNS pros


Glad you guys found it.

Gotta response from my friend, he doesn't recall all of the 
detail (4-5years is a bit hard), but remembers that if you used a 
certain DNS server ("digger" at the time)  that served the 
Australian DSTO site, as your default W2K DNS host, he 
believed that the act of 2K attempting to register itself in the 
foreign DNS was what resulted in a probe of some description 
(enough to agitate the buggery out of BlackIce Defender).

Don't ask me why he was using .gov/.mil DNS servers for his
stinky w2k boxen ... I was building ISPs at the time and thought
he was a bit broken.



----- Original Message -----
>From: "Ian Latter" <Ian.Latter@...edu.au>
>To: "Frank Knobbe" <frank@...bbe.us>
>Subject:  Re: FW: [Full-Disclosure] Question for DNS pros
>Date: Wed, 04 Aug 2004 12:24:50 +1000
>
> 
> 
> > So, I'm speculating that a DNS lookup to something somewhere results in
> > these IP's performing the observed theatrics (two UDP DNS queries, one
> > TCP SYN scan with payload, and one ICMP ping).
> 
> This doesn't sound like nstx ... but it does sound familiar.  I've put a 
> call to a friend who I recall mentioning a response like this from one
> of the .mil sites four-five years ago .. I'll see if he recalls the 
> sequence for the trigger .. may help .. he did demonstrate it, but I
> wasn't so interested at the time ...
> 
> 
> > If it turns out that all mystery come from China, what do you make out
> > of that?
> 
> ... that you'll need two bytes and a dictionary to read each char from 
> the payload? ;-)
>  
> 
> --
> Ian Latter
> Internet and Networking Security Officer
> Macquarie University
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ