Date: Mon, 18 May 1998 05:52:15 +0000 (GMT) From: marc@sniff.ct-net.de To: sysadmin@mfn.org (J.A. Terranson) Cc: Secure-NT@wwa.com, freebsd-questions@FreeBSD.ORG Subject: Re: [Secure-NT] Somewhat off-topic: Port 54 DNS Queries??? Message-ID: <199805180552.FAA00628@home.sniff.ct-net.de> In-Reply-To: <01BD81D3.5C8F7530@w3svcs.mfn.org> from "J.A. Terranson" at "May 17, 98 08:35:36 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! Sounds like the teardrop2 attack that was reported on some lists, in the press and in a CERT advisory. The one shutting off so many university-, nasa- and goverment-sites. Because these packets seem to be DNS traffic, they even slip through many "firewalls" and kill Win95/NT boxes without the appropriate hotfix. Are the packets fragmented? That should be an indication for this kind of attack. Regards, Marc > We have recently been rejecting a *ton* of udp packets from port 54 > that purport to be DNS queries. Does anyone know what's going on > here? > > TIA > > J.A. Terranson > sysadmin@mfn.org -- Marc Binderberger 97076 Wuerzburg, Germany marc@sniff.ct-net.de Powered by FreeBSD ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805180552.FAA00628>