Full Disclosure mailing list archives
Re: FW: Question for DNS pros
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Wed, 04 Aug 2004 12:24:50 +1000
So, I'm speculating that a DNS lookup to something somewhere results in these IP's performing the observed theatrics (two UDP DNS queries, one TCP SYN scan with payload, and one ICMP ping).
This doesn't sound like nstx ... but it does sound familiar. I've put a call to a friend who I recall mentioning a response like this from one of the .mil sites four-five years ago .. I'll see if he recalls the sequence for the trigger .. may help .. he did demonstrate it, but I wasn't so interested at the time ...
If it turns out that all mystery come from China, what do you make out of that?
.. that you'll need two bytes and a dictionary to read each char from the payload? ;-)
--
Ian Latter
Internet and Networking Security Officer
Macquarie University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html