I have also noticed a lot of this same activity but didn't know what it might be. However, scanning for the BIND exploit probably explains it. Thanks David!
Sincerely,
Mason Landrum

-----Original Message-----
From: david raistrick [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 10:28 AM
To: Randy Haley
Cc: [EMAIL PROTECTED]
Subject: Re: [gb-users] UDP Port 53 traffic

On Fri, 6 Dec 2002, Randy Haley wrote:

> 2002-12-06 15:07:30 Filter: RAF (45) block - Warning UDP
> (207.46.150.12:2562) => (63.71.36.1:53) dc0 l=41

Interesting that 207.46.150.12 is contained in a Microsoft allocated network.. Are these log messages all sourced from the same IP or from many different addresses?

It's possible that someone (perhaps whoever configured 207.46.150.12) has set their workstation or server to use 63.71.36.1 as a resolving DNS server... this could be something as simple as a typo that caused it.

If you're seeing these from many different IP addresses, however, you may want to consider the recent BIND exploits. It may be as simple as a bunch of scriptkiddies scanning you, looking for a place to play.

If you wanted to see what questions were being asked of you, you could use a sniffer on your external network (tcpdump, ethereal, etc) to look at the contents of the queries being made.

...david

---
David Raistrick
Systems Administrator - Global Technology Associates, Inc
[EMAIL PROTECTED]

Disclaimer: All opinions expressed are the opinions of David Raistrick, not necessarily those of GTA, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
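An added example, not part of the original thread: one way to answer the "same IP or many different addresses?" question is to group the blocked UDP/53 entries by source address. The regular expression assumes the quoted entry is a single line in the firewall log; the function name, verdict labels and `many_sources` threshold are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout of the filter-log entry quoted in the thread, assumed to be a single
# line in the original log (the mail client wrapped it).
LINE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d Filter: \S+ \(\d+\) (?P<action>\w+) - \w+ "
    r"(?P<proto>\w+) \((?P<src>[\d.]+):\d+\) => \((?P<dst>[\d.]+):(?P<dport>\d+)\)"
)

def summarize_dns_blocks(lines, many_sources=5):
    """Group blocked UDP/53 packets by source address and label the spread.

    many_sources is an arbitrary threshold chosen for this example.
    """
    per_src, targets = Counter(), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a filter entry in this layout
        if (m["action"], m["proto"], m["dport"]) != ("block", "UDP", "53"):
            continue  # only blocked DNS queries are of interest here
        per_src[m["src"]] += 1
        targets.add(m["dst"])
    if not per_src:
        verdict = "no-dns-blocks"
    elif len(per_src) == 1:
        verdict = "single-source"  # consistent with one host pointed at the wrong resolver
    elif len(per_src) >= many_sources:
        verdict = "many-sources"   # consistent with broad scanning for DNS servers
    else:
        verdict = "few-sources"
    return {"verdict": verdict, "sources": per_src.most_common(), "targets": sorted(targets)}

# First entry is the one quoted in the thread; the rest are constructed for this
# example, with sources taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "2002-12-06 15:07:30 Filter: RAF (45) block - Warning UDP (207.46.150.12:2562) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:07:31 Filter: RAF (45) block - Warning UDP (207.46.150.12:2563) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:08:02 Filter: RAF (45) block - Warning UDP (192.0.2.10:1041) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:08:15 Filter: RAF (45) block - Warning UDP (192.0.2.77:1188) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:08:40 Filter: RAF (45) block - Warning UDP (198.51.100.4:3310) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:09:01 Filter: RAF (45) block - Warning UDP (198.51.100.200:1029) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:09:22 Filter: RAF (45) block - Warning UDP (203.0.113.5:2044) => (63.71.36.1:53) dc0 l=41",
    "2002-12-06 15:09:40 Filter: RAF (45) block - Warning TCP (203.0.113.9:4021) => (63.71.36.1:25) dc0 l=48",
]

if __name__ == "__main__":
    report = summarize_dns_blocks(SAMPLE_LOG)
    print(report["verdict"], report["targets"])
    for src, count in report["sources"]:
        print(f"{count:4d}  {src}")
```

The verdict only describes the spread of sources; the contents of the queries still have to come from a capture on the external interface, as the thread suggests.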
