[Full-Disclosure] Mystery DNS Changes
Gary Flynn
flynngn at jmu.edu
Wed Oct 1 21:04:33 BST 2003
Hansen, Kevin wrote:
> We have seen multiple instances where DHCP-enabled workstations have had
> their DNS reconfigured to point to two of the three addresses listed below.
> Can anyone else confirm this? Incidents.org is reporting an increase in port
> 53 traffic over the last two days. Are we looking at the precursor to the
> next worm?
This is currently being discussed on NTBUGTRAQ too.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
Full-Disclosure is hosted and sponsored by Secunia.