dns.exe virus?
Christopher J. Wolff
chris at bblabs.com
Mon Sep 8 23:10:36 UTC 2003
FYI,
I put the suspect file up at http://www.bblabs.com/dns.exe
Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
bmanning at karoshi.com
Sent: Monday, September 08, 2003 2:37 PM
To: Chris Lewis
Cc: nanog at merit.edu
Subject: Re: dns.exe virus?
> Christopher J. Wolff wrote:
>
> > Chris,
> >
> > It was really odd. Here is an example of what the two hosts .3 and
.4
> > were up to.
>
> For grins, I ran that through our blacklist tool to see what it
coughed up.
>
> Nothing was on our blacklists.
>
> Had rDNS's like *.google.com, *.akamai.com, sprintbbsd,
> ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs.
>
> DNS resolution loop perchance?
From here, they all show up in the logs attemptin
dynamic updates of the in-addr.arpa domain. :)
Time to suck pkts... although I 'spect they are
trying to perform stupid DNS tricks like:
floss.local.in-addr.arpa. A 10.10.10.10
--bill
More information about the NANOG
mailing list