Re: Alert: Teardrop2 Attack - Update #3


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: Alert: Teardrop2 Attack - Update #3
  • From: Russ <Russ.CooperRC.ON.CA>
  • Date: Tue, 3 Mar 1998 23:25:46 -0500
  • Reply-To: Russ <Russ.CooperRC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Scanning of DNS, or repeated DNS queries from the same address, may be a
precursor to the attack.

Further, if you can enable full DNS logging it may be very helpful in
tracking the true source of the attack. Although it's been, rightly,
pointed out that the attacker may be viewing the replies to spoofed DNS
queries from a compromised router, it's also just as possible they're
not, in which case the source of the DNS query represents the true
attacker address.

Don't jump to any conclusions; if you have DNS logs of repeated lookups,
got attacked, and are willing to share them, I've got the right people
to form the conclusions...;-]

BTW, Microsoft have been involved with this all along. This really seems
to be a case of people not paying attention to the Microsoft Security
Advisor (http://www.microsoft.com/security) or this list and applying
the necessary patches.

Not to disparage these fine institutions, but both CERT and CIAC issued
advisories on the original Teardrop (CERT CA-97.28 & CIAC I-019), but
never mentioned anything about Teardrop2 when it was released.

To sing our own praises, we not only discussed it as it happened, but
the http://www.ntbugtraq.com/ntfixes.asp page had the Teardrop2 patch on
there within an hour of its release.

Get the word out in your organizations, subscribe to NTBugTraq and watch
the ntfixes.asp page.

I'm getting punchy now after this long day, but let me tell you all,
we've really got a community going here. The participation in this
attack has proven that NTBugTraq works, and you, the readers, get all
the credit. Thanks to all those unnamed sources for helping everyone
stay on top of this.

More news as and when it happens...;-]

Cheers,
Russ
http://www.ntbugtraq.com
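
The log review suggested in the message above, as an added example that is not part of the original post: a sliding-window count of DNS queries per source address, run over a time-ordered query log. The log line format, the sample entries, the function name and the threshold and window values are all assumptions constructed for illustration; as the message notes, a flagged source may be spoofed, so it is a lead for investigation rather than attribution.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real DNS server's output):
#   YYYY-MM-DD HH:MM:SS query from <source-ip> for <name> <type>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) query from (\S+) for (\S+) (\S+)$"
)

SAMPLE_LOG = """\
1998-03-03 21:14:02 query from 192.0.2.15 for www.example.com A
1998-03-03 21:14:03 query from 192.0.2.15 for mail.example.com A
1998-03-03 21:14:03 query from 198.51.100.7 for www.example.com A
1998-03-03 21:14:05 query from 192.0.2.15 for ns1.example.com A
1998-03-03 21:14:06 query from 192.0.2.15 for ftp.example.com A
garbled line that does not parse
1998-03-03 21:14:09 query from 192.0.2.15 for pdc.example.com A
1998-03-03 21:40:00 query from 198.51.100.7 for www.example.com A
1998-03-03 22:05:00 query from 198.51.100.7 for www.example.com A
"""


def repeated_sources(log_text, threshold=5, window_seconds=60):
    """Return {source: (first_seen, peak_count, names)} for each source that
    sent at least `threshold` queries inside any `window_seconds` span."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    names = defaultdict(set)      # source -> distinct names asked for
    first_seen = {}
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unparseable lines rather than abort the review
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src, name = m.group(2), m.group(3).lower()
        first_seen.setdefault(src, ts)
        names[src].add(name)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop queries that fell out of the sliding window
        if len(q) >= threshold:
            peak = max(len(q), flagged.get(src, (None, 0, None))[1])
            flagged[src] = (first_seen[src], peak, names[src])
    return flagged
```

A source that walks through many distinct host names in a short span, like the first address in the constructed sample, looks different from a resolver that repeats one lookup at long intervals, which is why the distinct names are returned alongside the count.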