dns.exe virus?

Mailman List Mirror (Read Only)
1

Christopher J. Wolff wrote:

> Chris,
>
> It was really odd. Here is an example of what the two hosts .3 and .4
> were up to.

For grins, I ran that through our blacklist tool to see what it coughed up.

Nothing was on our blacklists.

Had rDNS's like *.google.com, *.akamai.com, sprintbbsd,
ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs.

DNS resolution loop perchance?

  From here, they all show up in the logs attemptin
  dynamic updates of the in-addr.arpa domain. :slight_smile:
  Time to suck pkts... although I 'spect they are
  trying to perform stupid DNS tricks like:

  floss.local.in-addr.arpa. A 10.10.10.10

--bill

2

FYI,

I put the suspect file up at http://www.bblabs.com/dns.exe

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com