Security Incidents mailing list archives
Re: Win2k Machine contacting Root Server???
From: Valdis.Kletnieks () vt edu
Date: Fri, 24 Mar 2006 16:41:29 -0500
On Fri, 24 Mar 2006 04:49:18 EST, somebody said: (Sorry, am replying to a reply rather than original...)
I recently ran "netstat" on my personal laptop (running Win2k) and was shocked to see that it had been making TCP connections to the root servers (to their domain port). I know that some DNS queries are performed using TCP, but I find it somewhat disturbing that the root servers were involved.
A common cause of this is if the Windows box has been told to register its DHCP address in Active Directory, but the AD DNS isn't configured for that. The box then goes and asks the root servers where to find the AD. It's particularly a big problem for RFC1918 address spaces leaking out of a corporate net. Another big source of pollution is PTR lookups for 1918 addresses.

http://www.caida.org/publications/papers/2004/dns-pollution/
http://www.caida.org/publications/papers/2003/dnsspectroscopy-full/

And some 98% (yes, 98%) of the packets reaching a root nameserver are bogus:

http://www.caida.org/publications/papers/2003/dnspackets/

Makes you wonder how it keeps working at all....
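An added example, not part of the original post: a Python check that can be run over a resolver or border query log to find queries for RFC 1918 reverse names, the kind of leak described above, so the offending clients can be fixed or the zones answered locally. The log line format (timestamp, client, query type, name) and the sample lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reverse_name_to_network(qname):
    """Map an in-addr.arpa name to the IPv4 network it covers, or None.

    '5.1.168.192.in-addr.arpa.' -> 192.168.1.5/32
    '168.192.in-addr.arpa'      -> 192.168.0.0/16 (a reverse zone name)
    """
    name = qname.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if not 1 <= len(labels) <= 4:
        return None
    if not all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels):
        return None
    octets = [str(int(l)) for l in reversed(labels)]  # undo DNS label order
    prefix = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), prefix))

def is_rfc1918_reverse(qname):
    net = reverse_name_to_network(qname)
    return net is not None and any(net.subnet_of(p) for p in RFC1918)

# Constructed sample log: timestamp, client, query type, query name.
SAMPLE_LOG = """\
2006-03-24T09:49:01 192.168.1.23 PTR 5.1.168.192.in-addr.arpa.
2006-03-24T09:49:02 192.168.1.23 SOA 1.168.192.in-addr.arpa.
2006-03-24T09:49:03 192.168.1.40 PTR 7.2.0.10.IN-ADDR.ARPA.
2006-03-24T09:49:04 192.168.1.40 A www.example.com.
2006-03-24T09:49:05 192.168.1.40 PTR 1.0.32.172.in-addr.arpa.
2006-03-24T09:49:06 192.168.1.23 PTR 9.8.31.172.in-addr.arpa.
"""

def leaked_queries(lines):
    """Count queries for RFC 1918 reverse names per (client, query type)."""
    hits = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) == 4 and is_rfc1918_reverse(parts[3]):
            hits[(parts[1], parts[2])] += 1
    return hits

if __name__ == "__main__":
    for key, n in sorted(leaked_queries(SAMPLE_LOG.splitlines()).items()):
        print(*key, n)
```

Note that 172.32.0.1 is outside 172.16.0.0/12, so the fifth sample line is correctly not counted.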