Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server

wsmith_at_wbur.bu.edu
Date: 05/29/04

Next message: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Previous message: Kevin D. Goodknecht [MVP]: "Re: DNS Zone Transfer on SBS 2003 Premium"
In reply to: Roger Abell: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Next in thread: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Reply: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 29 May 2004 21:09:23 GMT

Thanks Roger. My foremost reason for posting this behavior on usenet is
because im worried that my system might be compromised. The behavior seems
to be trapped by my firewall and I haven't noticed any other strange
behavior besides teh appearance of blocked packets in the logs.

The system was built behind a firewall, and because its our DC, its not on
the DMZ lan and so cannot be accessed from outside my subnet unless my other
machines are infected (or a vpn client became infected). So I am pretty
certain this is not a result of a compromised system (but i can't be sure).

Where can I find the "Cache node"? I looked through my forward and reverse
zones for any mention of this IP and can't find anything.

Throughout this, the most bizarre part of the behavior is that it ONLY
happens when im connected to the DC through Terminal Services. So no
outbound connection attempts are made as long as I don't have an active TS
session to the DC server.

Id be happy to pay a DNS/DC guru some cash to walk me through my DNS
settings to see if there's something amiss there. Any takers? I can pay
with paypal.

Next message: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Previous message: Kevin D. Goodknecht [MVP]: "Re: DNS Zone Transfer on SBS 2003 Premium"
In reply to: Roger Abell: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Next in thread: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Reply: wsmith_at_wbur.bu.edu: "Re: Truly Bizarre outbound traffic when I have open TS connection to DNS server"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: The best firewall is?
... >> If you people are so enamored with commercial software, ... > software firewall, and he was looking for a replacement that were ... > everyone needs or wants that, so why pay for ZAP if the freeware ... > Lars M. Hansen ...
(comp.security.firewalls)
Re: Globe-Finder hijack of Search Engine.
... This will rid your computer of spyware/adware. ... * Use a good firewall to block access to your computer from the Internet ... (www.sygate.com is a decent freebie for a standalone workstation; ... BlackIce or the freebie at www.sygate.com - but you do get what you pay for. ...
(microsoft.public.win2000.security)
Re: The best firewall is?
... > a result of paying for their software, they get better products and support. ... SOMEONE has to pay for it, ... In these days of 1gig of memory, ... it is an outstanding firewall, I bought and registered a pro version. ...
(comp.security.firewalls)
Re: The best firewall is?
... >> software firewall, and he was looking for a replacement that were ... >> everyone needs or wants that, so why pay for ZAP if the freeware ... > of Linux is like that, written by amateurs, and their lack of professional ... > design concepts is reflected in the apps they write. ...
(comp.security.firewalls)
Re: SImple advice request re home network
... >>On the existing PC I pay for Zone Alarm Pro and Norton Antivirus. ... > the router firewall will keep most people out who attack from the ... Essential nowadays if you install windows from CD then want ... > that would be reasonable - after all your license fee pays someones ...
(comp.security.firewalls)