[Cialug] Network traffic?
David Champion
dave at visionary.com
Thu Dec 8 19:42:31 CST 2005
I don't think so. It's all traffic coming in from the outside,
apparently trying to make queries against a DNS server.
From the iptraf log:
Thu Dec 8 18:57:26 2005; UDP; eth0; 68 bytes; from 64.202.110.61:22911 to <my ip>:53
Lots and lots of these, from various IPs. I've tried to traceroute out
to a few of them but didn't get very far before I got to an ATT or
McLeod router and timed out.
It was eating up 360k of bandwidth on a T1 connection according to mrtg
before I killed the DNS server there.
Has anyone seen any advisories on DNS (specifically bind)? I haven't
seen any recent ones - since about June - and that was really just a DoS.
-dc
Jerry Heiselman wrote:
> Possible mDNS getting out on your local subnet? Something from
> Bonjour/Zeroconf?
>
> On 12/8/05, David Champion <dave at visionary.com> wrote:
>
>>Josh More wrote:
>>
>>>I have seen some PHP X-site scripting/mail injection attacks that fit
>>>within this time frame. Perhaps you are seeing the results of
>>>successful attacks?
>>
>>How about a port 53 (DNS) attack? That's what I'm seeing, using iptraf
>>to monitor it.
>>
>>-dc