On 03/15/13 19:15, Reindl Harald wrote: > Am 15.03.2013 10:57, schrieb Ed Greshko: >> On 03/15/13 17:46, Ed Greshko wrote: >>> Is the destination IP address a single IP address or are there others. >>> >>> Is your system running a DNS server? If you are running one, is it >>> supposed to be servicing requests from the Internet? If it is supposed to >>> be taking requests from the Internet, have you made sure to configure such >>> that recursion is disabled. >> Never mind.... >> >> In re-reading the original message I see the "source port" is 35442. I'm >> pretty sure recursion from a DNS server would show 53 as the source port. > pretty sure only if your DNS is very outdated > http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html > > http://en.wikipedia.org/wiki/DNS_spoofing > As stated above, source port randomization for DNS requests, combined with > the use of cryptographically-secure > random numbers for selecting both the source port and the 16-bit > cryptographic nonce, can greatly reduce the > probability of successful DNS race attacks.
Good to know. It has been a long time since I've done DNS stuff at the network layer. It sounded like a DNSSEC and DNS amplification attack with the Bank's network as the target. But, the OP seems not to have a DNS server configured. -- From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
