Re: FW: [Full-Disclosure] Question for DNS pros
From: Ian Latter (Ian.Lattermq.edu.au)
Date: Tue Aug 03 2004 - 21:24:50 CDT
> So, I'm speculating that a DNS lookup to something somewhere results in
> these IP's performing the observed theatrics (two UDP DNS queries, one
> TCP SYN scan with payload, and one ICMP ping).
This doesn't sound like nstx ... but it does sound familiar. I've put a
call to a friend who I recall mentioning a response like this from one
of the .mil sites four-five years ago .. I'll see if he recalls the
sequence for the trigger .. may help .. he did demonstrate it, but I
wasn't so interested at the time ...
> If it turns out that all mystery come from China, what do you make out
> of that?
.. that you'll need two bytes and a dictionary to read each char from
the payload? ;-)
Internet and Networking Security Officer
Full-Disclosure - We believe in it.