Open Source and information security mailing list archives
 
Message-ID: <200408040224.i742Oox27906@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: FW: Question for DNS pros


> So, I'm speculating that a DNS lookup to something somewhere results in
> these IP's performing the observed theatrics (two UDP DNS queries, one
> TCP SYN scan with payload, and one ICMP ping).

This doesn't sound like nstx ... but it does sound familiar.  I've put a 
call to a friend who I recall mentioning a response like this from one
of the .mil sites four-five years ago .. I'll see if he recalls the 
sequence for the trigger .. may help .. he did demonstrate it, but I
wasn't so interested at the time ...


> If it turns out that all mystery come from China, what do you make out
> of that?

.. that you'll need two bytes and a dictionary to read each char from 
the payload? ;-)
 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

