[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: [Full-Disclosure] Question for DNS pros

To: "Frank Knobbe" <frank@xxxxxxxxx>
Subject: Re: FW: [Full-Disclosure] Question for DNS pros
From: "Ian Latter" <Ian.Latter@xxxxxxxxx>
Date: Wed, 04 Aug 2004 12:24:50 +1000


> So, I'm speculating that a DNS lookup to something somewhere results in
> these IP's performing the observed theatrics (two UDP DNS queries, one
> TCP SYN scan with payload, and one ICMP ping).

This doesn't sound like nstx ... but it does sound familiar.  I've put a 
call to a friend who I recall mentioning a response like this from one
of the .mil sites four-five years ago .. I'll see if he recalls the 
sequence for the trigger .. may help .. he did demonstrate it, but I
wasn't so interested at the time ...


> If it turns out that all mystery come from China, what do you make out
> of that?

.. that you'll need two bytes and a dictionary to read each char from 
the payload? ;-)
 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] iDEFENSE Security Advisory 08.03.04a: NGSEC StackDefender 1.10 Invalid Pointer Dereference Vulnerability
Next by Date: Re: FW: [Full-Disclosure] Question for DNS pros
Previous by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Next by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Index(es):
- Date
- Thread