nanog mailing list archives

Re: huh

From: Sean Donelan <sean () donelan com>
Date: Tue, 15 Jan 2002 16:22:03 -0500 (EST)



On Tue, 15 Jan 2002, Tim Devries wrote:

Ok, well this is good to know.  Although it still doesn't explain why my
firewall is reporting DNS UDP/TCP probes from windowupdate.com on a regular
basis.


A couple of possibilities
   - DNS cache poisoning sending spoofed answers to your DNS server (are
       you running a current version of BIND or an alternative?)
   - DDOS attack on windowsupdate.com using spoofed source packets (DNS
       and HTTP packets can tunnel through most firewall configurations)

Current thread:

huh Ian A Finlay (Jan 15)
- Re: huh David G. Andersen (Jan 15)
  - Re: huh Ian A Finlay (Jan 15)
    - Re: huh Valdis . Kletnieks (Jan 15)
- <Possible follow-ups>
- Re: huh Steven M. Bellovin (Jan 15)
  - Re: huh Sean Donelan (Jan 15)
    - Re: huh Tim Devries (Jan 15)
    - Re: huh Sean Donelan (Jan 15)
    - Re: huh Sean Donelan (Jan 15)
    - Re: huh Leo Bicknell (Jan 15)
- RE: huh Hunter, Jonathan (Jan 15)