Re: FW: [Full-Disclosure] Question for DNS pros
From: Ian Latter (Ian.Latter mq.edu.au)
Date: Tue Aug 03 2004 - 21:24:50 CDT
> So, I'm speculating that a DNS lookup to something somewhere results in
> these IP's performing the observed theatrics (two UDP DNS queries, one
> TCP SYN scan with payload, and one ICMP ping).
This doesn't sound like nstx ... but it does sound familiar. I've put a
call to a friend who I recall mentioning a response like this from one
of the .mil sites four-five years ago .. I'll see if he recalls the
sequence for the trigger .. may help .. he did demonstrate it, but I
wasn't so interested at the time ...
> If it turns out that all mystery come from China, what do you make out
> of that?
.. that you'll need two bytes and a dictionary to read each char from
the payload? ;-)
--
Ian Latter
Internet and Networking Security Officer
Macquarie University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html