
SANS ISC: InfoSec Handlers Diary Blog



TCP port 1025 activity; continued DNS poisonings; 802.11 security primer

Published: 2005-04-27
Last Updated: 2005-04-28 15:52:03 UTC
by Deborah Hale (Version: 1)

TCP port 1025 activity


After the huge spike in activity on this port on 31 March, things seemed to have calmed down for a while, but we've seen a couple of smaller spikes in the last few days (see http://isc.sans.org/port_details.php?port=1025). We're still not sure what is causing all of this, so we again ask for assistance: if anyone has captured any of this traffic, we'd appreciate any samples you can share.

Continued DNS poisonings


We continue to get reports of sporadic DNS cache poisonings. We've covered this in great detail earlier this month, so we won't spend a lot of time on it except to remind folks that the (maintainer of BIND) agrees that BIND 4 and 8 are no longer suitable for use as forwarders, so, if you are running DNS servers that act as forwarders, please upgrade as soon as possible.

802.11 security primer


Following up on Josh's obligatory wireless notes, we came across the following presentation that does a pretty good job of hitting the high points, for those who may have to explain the issues to upper management.
http://www.bespacific.com/mt/archives/008060.html


-------------------

Jim Clausing and Scott Fendley for Deb Hale