[Full-Disclosure] Mystery DNS Changes
Danny Pansters
fulldiclosure at ricin.com
Thu Oct 2 00:05:39 BST 2003
On Wednesday 01 October 2003 21:19, Hansen, Kevin wrote:
> We have seen multiple instances where DHCP enabled workstations have
> had their DNS reconfigured to point to two of the three addresses
> listed below. Can anyone else confirm this? Incidents.org is
> reporting an increase in port 53 traffic over the last two days. Are
> we looking at the precursor to the next worm?
>
> 216.127.92.38
> 69.57.146.14
> 69.57.147.175
>
> -KJH
>
How about asking admin at ev1.net? You likely have some spy/ad/pay ware on
client machines. See lop.com and others.
There's crap traffic on port 53 all the time, I get speedera ping-like
traffic on my port 53 several times a day. It's a verifiable swarm but
no one at att, verio, uunet, whatever seems to care. My cable ISP told
me I could start legal action. Yeah right. This is probably a common
occurrence.
I think you're mixing up two different issues here.
Dan
Full-Disclosure is hosted and sponsored by Secunia.