Security Incidents mailing list archives

DNS Messages


From: Steven Bonici <sbonici () GROUPEA COM>
Date: Wed, 29 Nov 2000 11:40:32 -0500

We started to get some DNS warning messages on our NT PDC from an IP address
that we have no idea of who it is.  I would like to know if I should be
concerned with this type of traffic getting into my internal network and if
so, should the firewall be picking this up and reporting this?  I am
concerned that an IP address of 216.190.x.x got into my 172.16.x.x network.
Should I also try to contact the source of where this is coming from?
Unfortunately we have an ISP managing our firewall, so we do not have access
to the reporting. I have also sent this to them.  We don't have a security
person on staff, so I am hoping someone can give me some direction.

We did a trace route, so we know or think we know where it is coming from.

Windows Event Log Messages:
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.2. Packet rejected
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.2. Packet rejected
Source/Event ID:        DNS/5506
Message:                DNS Server encountered invalid domain name offset in
packet. Packet rejected
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.1. Packet rejected
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.1. Packet rejected
Source/Event ID:        DNS/9999
Message:                DNS Server has encounters numerous run-time events.
These are usually caused by the reception of bad or unexpected packets, or
from problems with or excessive replication traffic. The data is the number
of suppressed events encounted in the last 15 minute interval.
Source/Event ID:        DNS/5506
Message:                DNS Server encountered invalid domain name offset in
packet. Packet rejected


Thanks, Steven
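
A triage sketch for the event text quoted in the message above, added here as an example and not part of the original post: it rejoins the mail-wrapped records, counts rejections per event ID and peer address, and marks peers that fall outside private address space. `SAMPLE` is constructed from four of the records in the post; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: four records in the wrapped form shown in the post.
SAMPLE = """\
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.2. Packet rejected
Source/Event ID:        DNS/5506
Message:                DNS Server encountered invalid domain name offset in
packet. Packet rejected
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.1. Packet rejected
Source/Event ID:        DNS/5504
Message:                DNS Server encountered invalid domain name packet
from 216.190.200.1. Packet rejected
"""

HEADER = re.compile(r"^Source/Event ID:\s+(\S+)/(\d+)\s*$")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_events(text):
    """Rejoin mail-wrapped lines and return one dict per event record."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"source": m.group(1), "id": int(m.group(2)), "message": ""})
        elif events and line.strip():
            body = re.sub(r"^Message:\s+", "", line.strip())
            events[-1]["message"] = (events[-1]["message"] + " " + body).strip()
    for ev in events:
        m = IPV4.search(ev["message"])
        ev["peer"] = m.group(1) if m else None  # 5506 records name no peer
    return events

def summarize(events):
    """Count rejections per (event id, peer); flag peers outside private space."""
    counts = Counter((ev["id"], ev["peer"]) for ev in events)
    def external(peer):
        return peer is not None and not ipaddress.ip_address(peer).is_private
    return [(eid, peer, n, external(peer)) for (eid, peer), n in
            sorted(counts.items(), key=lambda kv: (kv[0][0], kv[0][1] or ""))]

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(row)
```

Each output row is (event ID, peer, count, external flag), which is the per-source summary to hand to whoever holds the firewall logs.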

