NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2003-07

RE: Strange domain-udp signature

From: Stong, Ian C. (Contractor) (StongIncr.disa.mil)
Date: Thu Jul 17 2003 - 13:59:07 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It's very common for DNS load balancers to be configured to "query"
destinations to determine response time and delay. This information is then
stored and referenced when a DNS request comes in such that the response
given to the request is based on the best path as of the last snapshot.

No harm done - but some don't like it as you have to dig further to find out
if it's legitimate query traffic or probes that are precursor to attacks.

Ian

-----Original Message-----
From: Sudom, Don [mailto:dsudom1wcb.bc.ca]
Sent: Thursday, July 17, 2003 1:23 PM
To: Ed Allen Smith
Cc: incidentslists.securityfocus.com
Subject: RE: Strange domain-udp signature

I've done some more digging and this particular signature is
from a dns global load balancer designed and used by speedera.com.
Very annoying, and as far as I'm concerned unauthorized active recon
is unethical.

Don

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training
sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's
to
"underground" security specialists. See for yourself what the buzz is
about!
Early-bird registration ends July 3. This event will sell out.
www.blackhat.com
----------------------------------------------------------------------------

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]