Thread: possible MS DNS exploit?
United States
2007-04-07 07:03:18
Possible sig to start capturing data?
alert udp 61.63.0.0/16 any -> $HOME_NET 53: (msg:"possible MS DNS exploit"; \
    reference:url,www.dshield.org/diary.html?storyid=2584; \
    classtype:attempted-admin; \
    threshold:type limit, track by_src, count 60, seconds 60; rev:1;)
From:
http://www.dshield.org/diary.html?storyid=2584
We are currently investigating a possible exploit with MS, Active
Directory, and DNS. At this point the information looks solid,
provided initially by Bill O. for review. Further information has been
provided by Bill, who is working on contacting MS, as things have
progressed. Looking at the description of the attack method, it looks
solid based on my experience with MS. If anybody has any scans from
the 61.63.xxx.xxx range, I would be very interested in seeing full
captures.
We will keep you posted as things progress. I will be sending on what
we have discovered as well to MS tomorrow. It is 0130EST right now in
the US, I will be passing the findings on to the other Handlers for
review and input later this morning.
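Added example, not part of the original post: a simplified Python model of how the rule's header and its `threshold:type limit, track by_src, count 60, seconds 60` option decide which packets get logged, run over constructed sample traffic. It assumes the source is the 61.63.0.0/16 range the diary asks about; the packet tuple layout and the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

SRC_NET = ipaddress.ip_network("61.63.0.0/16")  # assumption: the 61.63.xxx.xxx range
MIN_DPORT = 53          # Snort's "53:" means port 53 and every port above it
LIMIT, WINDOW = 60, 60  # threshold: count 60, seconds 60

def header_matches(pkt):
    """pkt = (timestamp_seconds, proto, src_ip, dst_port)."""
    _, proto, src, dport = pkt
    return (proto == "udp"
            and ipaddress.ip_address(src) in SRC_NET
            and dport >= MIN_DPORT)

def alerts_logged(packets):
    """Apply 'type limit, track by_src': per source, log at most LIMIT
    alerts per WINDOW seconds and suppress the rest of that window."""
    state = {}                      # src -> [window_start, events_in_window]
    logged = defaultdict(int)
    for pkt in sorted(packets):
        if not header_matches(pkt):
            continue
        ts, _, src, _ = pkt
        win = state.get(src)
        if win is None or ts - win[0] >= WINDOW:
            win = state[src] = [ts, 0]   # first event, or previous window expired
        win[1] += 1
        if win[1] <= LIMIT:
            logged[src] += 1
    return dict(logged)

# Constructed sample traffic (not real captures)
SAMPLE = (
    [(i * 0.5, "udp", "61.63.10.20", 53) for i in range(200)]  # 100 s burst, 2 pkt/s
    + [(5.0, "udp", "61.63.200.1", 1025)]   # high port still matches "53:"
    + [(6.0, "udp", "61.64.0.9", 53)]       # outside the /16
    + [(7.0, "tcp", "61.63.10.20", 53)]     # wrong protocol
)

if __name__ == "__main__":
    for src, n in alerts_logged(SAMPLE).items():
        print(f"{src}: {n} alerts logged")
```

With this threshold a steady sender produces at most 60 logged alerts per minute, so the rule flags activity but does not by itself give the full captures the diary asks for.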