Security Incidents mailing list archives
Unusual DNS requests (not related to previous DNS thread)
From: <measl () mfn org>
Date: Mon, 14 Jan 2002 17:37:17 -0600 (CST)
Please not that this is not related to the current DNS thread. I have a [non-critical] customer "issue" (Ok, it's an "issue" to the customer ;-) that I can find no references to. Roughly every five seconds, my customer gets a UDP DNS request from a high port, to 53. So far, so good. The request is for a PTR record: 0.xxx.xxx.xx.in-addr.arpa. No, that's not a typo, they are requesting reverse for the network address at .0. A packet capture shows absolutely nothing out of the ordinary, other than the freaky request, and the regularity of the requests, about one request every five seconds, round the clock. My gut tells me this is not malicious, but the customer likes to read Steve Gibson, and... Has anyone ever encountered anything like this before? -- Yours, J.A. Terranson sysadmin () mfn org ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New DNS connection with SYN ACK Jerry Perser (Jan 11)
- Re: New DNS connection with SYN ACK Richard Arends (Jan 11)
- Re: New DNS connection with SYN ACK Nick Drage (Jan 14)
- Re: New DNS connection with SYN ACK Patrick Benson (Jan 14)
- Re: New DNS connection with SYN ACK Nick Drage (Jan 14)
- RE: New DNS connection with SYN ACK Dan Hawrylkiw (Jan 14)
- RE: New DNS connection with SYN ACK Jason Dixon (Jan 14)
- Re: New DNS connection with SYN ACK John Hall (Jan 15)
- Unusual DNS requests (not related to previous DNS thread) measl (Jan 15)
- Re: Unusual DNS requests (not related to previous DNS thread) Ryan Russell (Jan 15)
- Re: Unusual DNS requests (not related to previous DNS thread) measl (Jan 17)
- Re: Unusual DNS requests (not related to previous DNS thread) Greg A. Woods (Jan 18)
- RE: New DNS connection with SYN ACK Jason Dixon (Jan 14)
- Re: Unusual DNS requests (not related to previous DNS thread) Greg A. Woods (Jan 15)
- Re: New DNS connection with SYN ACK Richard Arends (Jan 11)
- <Possible follow-ups>
- RE: New DNS connection with SYN ACK Cloppert, Michael (Jan 14)
- Re: New DNS connection with SYN ACK RainbowHat (Jan 15)
- RE: New DNS connection with SYN ACK Keith T. Morgan (Jan 14)