Threat Level: green Handler on Duty: Tom Webb

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-07-05



Java SE 6.0 Update 2 Released

Published: 2007-07-05
Last Updated: 2007-07-05 18:41:02 UTC
by David Goldsmith (Version: 1)

Java Runtime Environment (JRE) 6.0 Update 2 (as well as all the other variants: JDK, J2SE, etc.) has been released.

For more information about the software, please go to java.sun.com/javase/downloads/index.jsp.  The release notes for this update are available at java.sun.com/javase/6/webnotes/ReleaseNotes.html.


Odd DNS Traffic

Published: 2007-07-05
Last Updated: 2007-07-05 16:54:03 UTC
by David Goldsmith (Version: 1)

We received a query from one of our readers earlier today asking about some odd DNS traffic that they have been seeing at their site over the last several months.

The traffic is directed at a DNS server that is acting only as a caching server for outbound queries which originate within the local site.  No inbound queries from the Internet are allowed.

The inbound traffic pattern is thus:

1) An ICMP echo-request is sent to the local DNS server.
2) A UDP DNS query for the root DNS servers is sent to the local DNS server.
3) A UDP PTR query for the IP address of the local DNS server is sent to the local DNS server.
4) Last, a malformed TCP DNS packet is sent to the local DNS server.  This packet has the SYN flag set.

This traffic has come "from" many different source IP addresses during this time. For a given instance of this traffic pattern, the four packets all come from the same source IP address.

If anyone else is seeing traffic like this, we would like to hear from you.
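To check your own captures for the four-packet sequence listed above, the following added example (not part of the original diary) walks packet summaries in time order and reports sources that complete all four steps against the DNS server. The record format, server address, time window, and the reading of step 2 as an NS query for "." are assumptions; the malformed TCP packet is matched only by its SYN flag and destination port 53.

```python
import ipaddress
from collections import defaultdict

DNS_SERVER = "192.0.2.53"  # assumed address of the local caching server
WINDOW = 10.0              # assumed: max seconds between first and last packet

# Constructed sample records: (epoch seconds, source, destination, kind, detail)
EVENTS = [
    (100.0, "198.51.100.7", DNS_SERVER, "icmp", "echo-request"),
    (100.2, "198.51.100.7", DNS_SERVER, "udp53", "NS ."),
    (100.3, "203.0.113.9", DNS_SERVER, "udp53", "A www.example.com."),
    (100.4, "198.51.100.7", DNS_SERVER, "udp53", "PTR 53.2.0.192.in-addr.arpa."),
    (100.9, "198.51.100.7", DNS_SERVER, "tcp53", "SYN"),
    (200.0, "203.0.113.9", DNS_SERVER, "icmp", "echo-request"),
    (300.0, "203.0.113.9", DNS_SERVER, "tcp53", "SYN"),
]

def pattern_steps(server):
    """The four steps from the diary, in order, for a given server address."""
    ptr = ipaddress.ip_address(server).reverse_pointer + "."
    return [("icmp", "echo-request"), ("udp53", "NS ."),
            ("udp53", "PTR " + ptr), ("tcp53", "SYN")]

def find_probe_sources(events, server=DNS_SERVER, window=WINDOW):
    """Return (source, first_ts, last_ts) for each completed sequence."""
    steps = pattern_steps(server)
    progress = defaultdict(lambda: (0, None))  # src -> (next step, start time)
    hits = []
    for ts, src, dst, kind, detail in sorted(events):
        if dst != server:
            continue
        idx, start = progress[src]
        if idx and ts - start > window:
            idx, start = 0, None          # sequence went stale, start over
        if (kind, detail) == steps[idx]:
            idx, start = idx + 1, (ts if idx == 0 else start)
        elif (kind, detail) == steps[0]:
            idx, start = 1, ts            # a fresh echo-request restarts it
        if idx == len(steps):
            hits.append((src, start, ts))
            idx, start = 0, None
        progress[src] = (idx, start)
    return hits

if __name__ == "__main__":
    for src, first, last in find_probe_sources(EVENTS):
        print(f"{src} completed the 4-step pattern between {first} and {last}")
```

Unrelated packets from the same source between steps are ignored rather than treated as breaking the sequence, so interleaved legitimate traffic does not hide a match.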
