Quango

Asked: 2012-07-18 00:22:59 +0800 CST2012-07-18 00:22:59 +0800 CST 2012-07-18 00:22:59 +0800 CST

Is this a DNS vulnerability or exploit?

Our server (windows 2008 R2 server, fully patched) this morning was a bit slow.

Checking network activity I found several DNS sessions using quite a lot of bandwidth (10MB/sec per session). This was rather suspicious (I expect DNS traffic to be light) so I turned off DNS for the present.

Here is an image of some of the connections: list of DNS sessions

As you can see there is a varied list of hosts. Is this a vulnerability in DNS?

1 Answers

Voted

Best Answer

Bart De Vos
2012-07-18T01:07:35+08:002012-07-18T01:07:35+08:00
Could be someone using TCP over DNS to get over some internet restrictions. You can counter this by implementing split horizon DNS.

There is an interesting Q about this, over at Security.SE
8

Is this a DNS vulnerability or exploit?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?