FW: [Full-Disclosure] Question for DNS pros
Ian.Latter at mq.edu.au
Wed Aug 4 03:24:50 BST 2004
> So, I'm speculating that a DNS lookup to something somewhere results in
> these IP's performing the observed theatrics (two UDP DNS queries, one
> TCP SYN scan with payload, and one ICMP ping).

This doesn't sound like nstx ... but it does sound familiar. I've put a
call to a friend who I recall mentioning a response like this from one
of the .mil sites four-five years ago .. I'll see if he recalls the
sequence for the trigger .. may help .. he did demonstrate it, but I
wasn't so interested at the time ...

> If it turns out that all mystery come from China, what do you make out
> of that?

.. that you'll need two bytes and a dictionary to read each char from
the payload? ;-)

Internet and Networking Security Officer
Full-Disclosure is hosted and sponsored by Secunia.