[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Malformed DNS packets

To: Chris Brown <chris@get-tuf.com>
Subject: Re: [Full-Disclosure] Malformed DNS packets
From: daniel uriah clemens <daniel_clemens@autism.birmingham-infragard.org>
Date: Mon, 8 Dec 2003 17:57:41 +0000 (GMT)

> At last the answer...
>
> http://www.lurhq.com/sinit.html
>
> Appears that the increase in DNS traffic is down to the Sinit P2P trojan.

Here are some packet captures for the calipso trojan.
Thanks again Joe!!

-Daniel Uriah Clemens

Esse quam videra
     (to be, rather than to appear)
                     -Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org   | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760  EA1F 0424 6DF6 F662 F5BD

Attachment: malformed_DNS.obf.pcap
Description: Binary data

References:
- [Full-Disclosure] Malformed DNS packets
  - From: "Chris Brown" <chris@get-tuf.com>

Prev by Date: [Full-Disclosure] MDKSA-2003:112 - Updated cvs packages fix malformed module request vulnerability
Next by Date: [Full-Disclosure] MDKSA-2003:113 - Updated screen packages fix buffer overflow vulnerability
Previous by thread: [Full-Disclosure] Malformed DNS packets
Next by thread: [Full-Disclosure] MDKSA-2003:112 - Updated cvs packages fix malformed module request vulnerability
Index(es):
- Date
- Thread