Re: Unusual DNS requests (not related to previous DNS thread)
From: Greg A. Woods (woods@weird.com)Date: 01/15/02
- Previous message: Ryan Russell: "Re: Unusual DNS requests (not related to previous DNS thread)"
- In reply to: measl@mfn.org: "Unusual DNS requests (not related to previous DNS thread)"
- Next in thread: Cloppert, Michael: "RE: New DNS connection with SYN ACK"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: woods@weird.com (Greg A. Woods) To: <measl@mfn.org> Date: Tue, 15 Jan 2002 11:57:24 -0500 (EST)
[ On Monday, January 14, 2002 at 17:37:17 (-0600), measl@mfn.org wrote: ]
> Subject: Unusual DNS requests (not related to previous DNS thread)
>
> So far, so good. The request is for a PTR
> record: 0.xxx.xxx.xx.in-addr.arpa. No, that's not a typo, they are
> requesting reverse for the network address at .0. A packet capture shows
> absolutely nothing out of the ordinary, other than the freaky request, and
> the regularity of the requests, about one request every five seconds, round
> the clock.
It's not unusual at all. Please read RFC 1101.
-- Greg A. Woods+1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Ryan Russell: "Re: Unusual DNS requests (not related to previous DNS thread)"
- In reply to: measl@mfn.org: "Unusual DNS requests (not related to previous DNS thread)"
- Next in thread: Cloppert, Michael: "RE: New DNS connection with SYN ACK"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
