Win2K broken client?
Bill Manning
bmanning at ISI.EDU
Mon Oct 9 21:14:47 UTC 2000
Has the characteristics of a DNS vectored "smash the stack" query.
You might wish to take steps to ensure the integrity of your systems.
%
% In article <39E207B1.8AA37418 at daimlerchrysler.com>,
% Kevin Darcy <kcd at daimlerchrysler.com> wrote:
% >
% > Could you dump those queries in some more-easily parsable format?
%
% Actually, that is the only format I can put them in, or at least that's
% how tcpdump sees them. A normal query would appear in tcpdump as:
%
% A? www.example.com.
%
% All of the apparent control characters are actually a part of the
% query :(
%
% M-nM-^XM-^A^FM-eM-^TM-8M-HM-^SM-aM-^TM-^@M-IM-^JM-fM-$M-^A^SM-nM-^^M-
% (^FM-nM-^YM-^@^FM-cM-^JM-(^HM-nM-^\M-^H^FM-fM-^CM-^TM-gM-^_M-;M-aM-^ZM-
% ^@M-gM-^_M-8M-oM-?M-?M-oM-?M-?M-nM-^\M-^X^FM-cM-^LM-0M-gM-^_M-
% (.example.com.
%
% Ugly, I know.
%
% I do have confirmation that both NT4 and Win2K can generate this
% traffic, and have twice confirmed that it's not coming from a hostile
% source.
%
% As I mentioned, I haven't yet found a (standard) tool that will allow
% such queries to be made in the first place.
%
% -Mycos
--
--bill
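
The query name quoted above is in tcpdump's escaped form, where `M-` marks a byte with the high bit set and `^X` marks a control byte. The following is an added example, not part of the original thread: it rebuilds the raw bytes and reports, per label, what a resolver operator would want to check before trusting such a name. The function names `unescape` and `audit` are hypothetical, and the mail line wraps are assumed to fall inside the name.

```python
import string

# Query name as shown in the post, with the mail line wraps joined back together.
CAPTURED = (
    r"M-nM-^XM-^A^FM-eM-^TM-8M-HM-^SM-aM-^TM-^@M-IM-^JM-fM-$M-^A^SM-nM-^^M-"
    r"(^FM-nM-^YM-^@^FM-cM-^JM-(^HM-nM-^\M-^H^FM-fM-^CM-^TM-gM-^_M-;M-aM-^ZM-"
    r"^@M-gM-^_M-8M-oM-?M-?M-oM-?M-?M-nM-^\M-^X^FM-cM-^LM-0M-gM-^_M-"
    r"(.example.com."
)

# Letters, digits and hyphen: the bytes a conventional hostname label uses.
LDH = set((string.ascii_letters + string.digits + "-").encode())


def unescape(text):
    """Undo the 'M-' (high bit set) and '^X' (byte XOR 0x40) escapes.

    Assumption: a literal 'M-' or '^' in a name cannot be told apart from an
    escape, so this is a best-effort reconstruction of the wire bytes.
    """
    out, i = bytearray(), 0
    while i < len(text):
        high = 0
        if text.startswith("M-", i) and i + 2 < len(text):
            high, i = 0x80, i + 2
        if text[i] == "^" and i + 1 < len(text):
            out.append((ord(text[i + 1]) ^ 0x40) | high)
            i += 2
        else:
            out.append(ord(text[i]) | high)
            i += 1
    return bytes(out)


def audit(text):
    """Per-label report: length and the bytes a hostname label should not hold."""
    report = []
    for label in unescape(text).rstrip(b".").split(b"."):
        report.append({
            "label": label,
            "length": len(label),
            "control": sum(b < 0x20 or b == 0x7F for b in label),
            "high_bit": sum(b >= 0x80 for b in label),
            "hostname_safe": bool(label) and len(label) <= 63 and set(label) <= LDH,
        })
    return report
```

Calling `audit(CAPTURED)` returns one dictionary per label; the first label is the one carrying the escaped bytes, while `example` and `com` pass the hostname check.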