Security Incidents mailing list archives
Re: Flood of bad DNS queries
From: Jeff Kell <jeff-kell () utc edu>
Date: Thu, 04 Dec 2003 00:09:18 -0500
Jacques Bourdeau wrote:
here, I blocked four /24 networks from Microsoft. 207.46.49.0/24 is one of them. It begun during lasts days of september.207.46.7 / 24 207.46.242 / 24 207.46.76 / 24 207.46.49 / 24
Is this anything like the "leakage" from the Broadband client? We see leakage (blocked by anti-spoofing egress) of UDP (usually NTP) and ICMP with apparently "spoofed" AOL source addresses. They haven't yet quite perfected their little "client tunneling" tricks yet.
Jeff --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Flood of bad DNS queries Brett Glass (Dec 03)
- Re: Flood of bad DNS queries Kurt Seifried (Dec 03)
- Re: Flood of bad DNS queries Jacques Bourdeau (Dec 03)
- Re: Flood of bad DNS queries Mike Lyman (Dec 04)
- Re: Flood of bad DNS queries Jeff Kell (Dec 04)
- Re: Flood of bad DNS queries Mike Lyman (Dec 03)