dns.exe virus?

• Previous message (by thread): dns.exe virus?
• Next message (by thread): dns.exe virus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI,

I put the suspect file up at http://www.bblabs.com/dns.exe

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
bmanning at karoshi.com
Sent: Monday, September 08, 2003 2:37 PM
To: Chris Lewis
Cc: nanog at merit.edu
Subject: Re: dns.exe virus?


> Christopher J. Wolff wrote:
> 
> > Chris,
> > 
> > It was really odd.  Here is an example of what the two hosts .3 and
.4
> > were up to.
> 
> For grins, I ran that through our blacklist tool to see what it
coughed up.
> 
> Nothing was on our blacklists.
> 
> Had rDNS's like *.google.com, *.akamai.com, sprintbbsd, 
> ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs.
> 
> DNS resolution loop perchance?

	From here, they all show up in the logs attemptin
	dynamic updates of  the in-addr.arpa domain. :)
	Time to suck pkts...  although I 'spect they are
	trying to perform stupid DNS tricks like:

	floss.local.in-addr.arpa.  A  10.10.10.10

--bill

• Previous message (by thread): dns.exe virus?
• Next message (by thread): dns.exe virus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]