RE: Bogus DNS traffic

From: Mike Anderson (securespoofedpackets.net)
Date: Wed Oct 22 2003 - 15:34:24 CDT


Dave,

        You might be seeing an increase in DNS traffic as a result of
this trojan.

QHosts Trojan Horse
added October 2
The CERT/CC has received reports of a new Trojan Horse program affecting
Microsoft Windows systems. The QHosts or Qhosts-1 Trojan Horse has been
reported to alter domain name service (DNS) settings on Windows systems
and redirect users from legitimate web sites to those specified by the
Trojan Horse program. The CERT/CC is tracking this activity as
CERT#27882 and is interested in receiving reports thereof. Relevant
artifacts or activity can be sent to certcert.org with "CERT#27882" in
the subject line.

The CERT/CC strongly encourages users to install anti-virus software,
and keep its virus signature files up-to-date.

I got this from CERT's website. You might want to check that out.

Mike Anderson
Systems Engineer

-----Original Message-----
From: David Gillett [mailto:gillettdavidfhda.edu]
Sent: Wednesday, October 22, 2003 3:39 PM
To: incidentssecurityfocus.com
Subject: Bogus DNS traffic

  I'm seeing random UDP packets to port 53 of random
internal IP addresses. The source IP addresses are
external, all over the map, although the one example
I've gotten a good capture of bore the source MAC
address of an internal server. (Whatever is spoofing
the IP address *could* be spoofing the MAC address, but
that would still indicate an origin inside our network....)

  Does anyone recognize this?

David Gillett
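
The check David describes (an external source IP arriving with an internal host's source MAC) can be run over capture summaries to find which local machine is emitting the packets. This is an added example, not part of the original thread; the internal prefix, gateway MAC and frame records are constructed sample values.

```python
import ipaddress

# Constructed sample environment (assumptions, not from the thread).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
GATEWAY_MACS = {"00:00:5e:00:01:01"}  # routers that legitimately forward external traffic

# Constructed frame summaries: (src_mac, src_ip, dst_ip, proto, dst_port)
FRAMES = [
    ("00:00:5e:00:01:01", "198.51.100.7", "10.1.2.3", "udp", 53),   # external, via gateway
    ("02:00:00:AA:BB:01", "203.0.113.9", "10.1.9.44", "udp", 53),   # external IP, local MAC
    ("02:00:00:aa:bb:01", "192.0.2.200", "10.1.77.5", "udp", 53),   # external IP, local MAC
    ("02:00:00:aa:bb:02", "10.1.2.10", "10.1.2.53", "udp", 53),     # ordinary internal lookup
    ("02:00:00:aa:bb:01", "10.1.2.20", "10.1.2.53", "udp", 53),     # same host, real address
    ("02:00:00:aa:bb:03", "203.0.113.50", "10.1.2.8", "tcp", 80),   # not DNS, ignored here
]


def is_internal(ip):
    """True if ip falls inside one of the internal prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_spoofing_macs(frames, dst_port=53):
    """Group UDP frames to dst_port whose source IP is external but whose
    source MAC is not a gateway. Such a frame was put on the wire by a
    device on the captured segment, whatever its IP header claims.
    Returns {src_mac: [(src_ip, dst_ip), ...]}."""
    hits = {}
    for src_mac, src_ip, dst_ip, proto, port in frames:
        if proto != "udp" or port != dst_port:
            continue
        if is_internal(src_ip):
            continue  # plausible local source address
        mac = src_mac.lower()
        if mac in GATEWAY_MACS:
            continue  # external traffic arriving the normal way
        hits.setdefault(mac, []).append((src_ip, dst_ip))
    return hits


if __name__ == "__main__":
    for mac, pairs in find_spoofing_macs(FRAMES).items():
        sources = sorted({src for src, _ in pairs})
        print(f"{mac}: {len(pairs)} frames, spoofed sources {sources}")
```

The result is only meaningful for captures taken on the same layer-2 segment as the sender; past a router, every frame carries the router's MAC.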
