Message-ID: <200408040204.i74241n27690@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: FW: Question for DNS pros

I've been flat out here -- but I've tried to stay on this thread ..

Are you guys sure that this isn't the server end of the 
ip-over-dns software (nstxd) trying to get data back to the
now non-existent client?

It would have made it through your stateful kit if it was 
initiated from that problem address of yours (Paul), originally.


The only thing I see not being consistent with the nstx stuff
is the multiple sources/channels ... but that doesn't mean
that there couldn't have been multiple connections from the
problem address, or a multi-terminating version of the client/
server software .. (a dns hub of sorts).



----- Original Message -----
>From: "Ron DuFresne" <dufresne@...ternet.com>
>To: "Paul Schmehl" <pauls@...allas.edu>
>Subject:  Re: FW: [Full-Disclosure] Question for DNS pros
>Date: Tue, 03 Aug 2004 11:29:55 -0500
>
> 
> 	[SNIP]
> 
> > >
> > Mine are identical to yours.  Same host, same src port, same types of
> > packets, same ttl, same len)  Whatever this is is obviously crafted from
> > some sort of script.  The only thing I can think of is recon.  If someone
> > has any bright ideas, speak up.
> >
> 
> I think Frank mentioned the packets being like 2048 in size, and this
> makes me wonder if it's a tad more than mere recon.  Might be trying to
> exploit or develop an exploit for bind.  And might be a tool in progress
> for a specific bind OS combo.
> 
> But, I find just tossing the offenders into the "not allowed" list of
> network addresses reduces the log fluff as well as hinders progressive
> testing, for them, at least off my networks.
> 
> 
> 
> Thanks,
> 
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> 	***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

