Security Basics mailing list archives
Strange DNS traffic
From: Maarten Claes <maarten.claes () gmail com>
Date: Fri, 9 Dec 2005 15:39:54 +0100
Hi list, I've seen some strange (blocked) dns traffic on my firewall: Random source ips are requesting a PTR lookup of the receiver's ip address. This is not normal DNS traffic as a dig -x <ip> +trace shows that the DNS provider for that IP range has the answer for that hosts and not the host itself. Is this some kind of dns probing attempt/attack attemp/fingerprinting.. Thanks for your comments! Maarten.
Current thread:
- Strange DNS traffic Maarten Claes (Dec 12)