Lots of DNS Exploit attempts

[jduksta () RT1SOLUTIONS COM (John Duksta)]

Well, it looks like this attack is getting pretty wide-spread.
Either that or people are targeting cable modem users to see
if there are unprotected boxen out there.

Here's a snippit of my log file from my firewall at home. I've
been seeing this attack all weekend.

Thankfully I'm not running DNS out of the house. :)

-john

04/02/2000 19:50:22.672 -       TCP connection dropped -
Source:Attacker.202, 2201, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:50:22.688 -       TCP connection dropped -
Source:Attacker.202, 2200, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:50:22.688 -       TCP connection dropped -
Source:Attacker.202, 2202, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:55:12.800 -       TCP connection dropped -
Source:Attacker.202, 2001, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:55:12.800 -       TCP connection dropped -
Source:Attacker.202, 2000, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:55:12.800 -       TCP connection dropped -
Source:Attacker.202, 2002, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:56:14.896 -       TCP connection dropped -
Source:Attacker.202, 3202, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:56:14.896 -       TCP connection dropped -
Source:Attacker.202, 3201, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0
04/02/2000 19:56:14.896 -       TCP connection dropped -
Source:Attacker.202, 3200, WAN -       Destination:MyFirewall.212, 53,
LAN - 'Name Service (DNS)' -  Rule 0


--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
John C.C. Duksta, CISSP
Rt. 1 Solutions
email: jduksta () rt1solutions com