| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200408040204.i74241n27690@singularity.tronunltd.com> From: Ian.Latter at mq.edu.au (Ian Latter) Subject: FW: Question for DNS pros I've been flat out here -- but I've tried to stay on this thread .. Are you guys sure that this isn't the server end of the ip-over-dns software (nstxd) trying to get data back to the now non-existent client? It would have made it through your statefull kit if it was initiated from that problem address of yours (Paul), originally. The only thing I see not being consistent with the nstx stuff is the multiple sources/channels ... but that doesn't mean that there couldn't have been multiple connections from the problem address, or a multi-terminating version of the client/ server software .. (a dns hub of sorts). ----- Original Message ----- >From: "Ron DuFresne" <dufresne@...ternet.com> >To: "Paul Schmehl" <pauls@...allas.edu> >Subject: Re: FW: [Full-Disclosure] Question for DNS pros >Date: Tue, 03 Aug 2004 11:29:55 -0500 > > > [SNIP] > > > > > > Mine are identical to yours. Same host, same src port, same types of > > packets, same ttl, same len) Whatever this is is obviously crafted from > > some sort of script. The only thing I can think of is recon. If someone > > has any bright ideas, speak up. > > > > I think Frank mentioned the packets being like 2048 in size, and this > makes me wonder if it's a tad more then mere recon. Might be trying to > exploit or develope an exploit for bind. and might be a tool in progress > for a specific bind OS combo. > > But, I find just tossing the offenders into the "not allowed" list of > entowrk addresses reduces the log fluff as well as hinder progressive > testing, for them, at least off my networks. > > > > Thanks, > > Ron DuFresne > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University
Powered by blists - more mailing lists