TCP port 1025 activity; continued DNS poisonings; 802.11 security primer

Published: 2005-04-27
Last Updated: 2005-04-28 15:52:03 UTC
by Deborah Hale (Version: 1)
0 comment(s)

TCP port 1025 activity

After the huge spike in activity on this port on 31 March, things seemed to have calmed down for a while, but we've seen a couple of smaller spikes the last few days (see
). We're still not sure what is causing all of this, so we again ask for assistance if anyone has captured any of this traffic, we'd appreciate any samples you can share.

Continued DNS poisonings

We continue to get reports of sporadic DNS cache poisonings. We've covered this in great detail earlier this month, so we won't spend a lot of time on it except to remind folks that the (maintainer of BIND) agrees that BIND 4 and 8 are no longer suitable for use as forwarders, so, if you are running DNS servers that act as forwarders, please upgrade as soon as possible.

802.11 security primer

Following up on Josh's obligatory wireless notes, we came across the following presentation that does a pretty good job of hitting the high points, for those who may have to explain the issues to upper management.


Jim Clausing and Scott Fendley for Deb Hale
0 comment(s)


Diary Archives