
SANS ISC: TCP port 1025 activity; continued DNS poisonings; 802.11 security primer SANS ISC InfoSec Forums


TCP port 1025 activity


After the huge spike in activity on this port on 31 March, things seemed to have calmed down for a while, but we've seen a couple of smaller spikes in the last few days (see http://isc.sans.org/port_details.php?port=1025). We're still not sure what is causing all of this, so we again ask for assistance: if anyone has captured any of this traffic, we'd appreciate any samples you can share.

Continued DNS poisonings


We continue to get reports of sporadic DNS cache poisonings. We've covered this in great detail earlier this month, so we won't spend a lot of time on it except to remind folks that the (maintainer of BIND) agrees that BIND 4 and 8 are no longer suitable for use as forwarders, so, if you are running DNS servers that act as forwarders, please upgrade as soon as possible.

802.11 security primer


Following up on Josh's obligatory wireless notes, we came across the following presentation that does a pretty good job of hitting the high points, for those who may have to explain the issues to upper management.
http://www.bespacific.com/mt/archives/008060.html


-------------------

Jim Clausing and Scott Fendley for Deb Hale