Re: Flood of bad DNS queries
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 12/04/03
- Previous message: Lawrence Baldwin: "RE: udp and dst port 1026"
- In reply to: Jacques Bourdeau: "Re: Flood of bad DNS queries"
- Next in thread: Mike Lyman: "Re: Flood of bad DNS queries"
Date: Thu, 04 Dec 2003 00:09:18 -0500
To: Jacques Bourdeau <J_Bourdeau@videotron.ca>
Jacques Bourdeau wrote:
> Here, I blocked four /24 networks from Microsoft. 207.46.49.0/24 is one
> of them. It began during the last days of September.
>
> 207.46.7 / 24
> 207.46.242 / 24
> 207.46.76 / 24
> 207.46.49 / 24
Is this anything like the "leakage" from the Broadband client? We see
leakage (blocked by anti-spoofing egress) of UDP (usually NTP) and ICMP
with apparently "spoofed" AOL source addresses. They haven't quite
perfected their little "client tunneling" tricks yet.
Jeff