Wide Spread DNS Server Profiling

Discussion in 'other security issues & news' started by AplusWebMaster, Oct 20, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster, Registered Member (Joined: Jun 14, 2003; Posts: 239; Location: Philadelphia, PA, USA)
    :( FYI...from the Internet Storm Center:

    http://isc.sans.org/diary.html
    October 20th 2003 16:45 EDT
    "...Starting Sept 29th, malformed dns queries began worldwide, from many sources. The rate and number of sources grew steadily until October 8th. At that point, the rate fell off dramatically, the signature changed, and it began to climb again. Graphs at: http://people.ists.dartmouth.edu/~gbakos/bindsweep . This graph correlates well with data collected by DShield:
    http://www.dshield.org/port_report.php?port=53 (red and green line)..."

    - For complete information, use the link provided above.
     
  2. AplusWebMaster

    ;) FYI...

    http://people.ists.dartmouth.edu/~gbakos/bindsweep/#NEW
    "Latest update, 21 Oct, 1300EDT New information:
    - We have identified the propagation vector. A virus known by various names (BackDoor-BAM, BackDoor.Calypso, Backdoor.Sinit, Bck/Initsvc.B, BKDR_CALYPS.A, Trojan.Apolyps, Trojan.FakeSvc.A, Win-Trojan/Calypso.58880) deposits a Windows remote administration trojan, svcinit.exe.
    - One A/V vendor, Fortinet, mentions port 53 random activity in its analysis, that it could "result in a denial-of-service (DoS) attack if the server attempts to parse the packet but is unable to"...
    http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=526
     