North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: dns.exe virus?
FYI, I put the suspect file up at http://www.bblabs.com/dns.exe Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, September 08, 2003 2:37 PM To: Chris Lewis Cc: [email protected] Subject: Re: dns.exe virus? > Christopher J. Wolff wrote: > > > Chris, > > > > It was really odd. Here is an example of what the two hosts .3 and .4 > > were up to. > > For grins, I ran that through our blacklist tool to see what it coughed up. > > Nothing was on our blacklists. > > Had rDNS's like *.google.com, *.akamai.com, sprintbbsd, > ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs. > > DNS resolution loop perchance? From here, they all show up in the logs attemptin dynamic updates of the in-addr.arpa domain. :) Time to suck pkts... although I 'spect they are trying to perform stupid DNS tricks like: floss.local.in-addr.arpa. A 10.10.10.10 --bill
|