Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS query spam

from [Florian Weimer] Network Security [Permanent Link]
Subject: Re: DNS query spam
Date: Wed, 30 Nov 2005 10:20:31 +0100 
* Josep Ma Castells:


I have the same problem, now I'm blocking this attempts with iptables and 
the Recent module when a number of tries is reached.

This is the content of the packet:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

11/20/05-19:17:37.177173 168.143.XXX.XX:11752 -> YYY.YYY.Y.YY:53
UDP TTL:233 TOS:0x0 ID:34960 IpLen:20 DgmLen:68 DF
Len: 48
0x0000: 00 07 95 C2 6A 32 00 04 76 DA CB 14 08 00 45 00  ....j2..v.....E.
0x0010: 00 44 88 90 40 00 E9 11 2A D5 A8 8F 71 0A C0 A8  .D..@...*...q...
0x0020: 04 01 2D E8 00 35 00 30 00 00 20 9E 01 00 00 01  ..-..5.0.. .....
0x0030: 00 00 00 00 00 01 01 65 05 6D 70 69 73 69 03 63  .......e.mpisi.c
0x0040: 6F 6D 00 00 FF 00 FF 00 00 29 27 10 00 00 00 00  om.......)'.....
0x0050: 00 00                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Interesting.  This packet allegedly came from www.anonymizer.com
(168.143.113.10).  It apparently has undergone NAT, so its contents
might have been garbled, but: In contrast to Piotr's packets, this one
does contain an OPT RR (type 0x29).  The sender buffer length (encoded
in the class field of the RR) is set to 10000.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DNS query spam, Jim Pingle
Next by Date:  Gallery 2.x Security Advisory, Bharat Mediratta
Previous by Thread:  Re: DNS query spam, Josep Ma Castells
Next by Thread:  Re: DNS query spam, Joe
Indexes:  [Date] [Thread] [Top] [All Lists]