Security Incidents mailing list archives
DNS Messages
From: Steven Bonici <sbonici () GROUPEA COM>
Date: Wed, 29 Nov 2000 11:40:32 -0500
We started to get some DNS warning messages on our NT PDC from an IP address that we have no idea of who it is. I would like to know if I should be concerned with this type of traffic getting into my internal network and if so, should the firewall be picking this up and reporting this? I am concerned that an IP address of 216.190.x.x got into my 172.16.x.x network. Should I also try to contact the source of where this is coming from?

Unfortunately we have an ISP managing our firewall, so we do not have access to the reporting. I have also sent this to them. We don't have a security person on staff, so I am hoping someone can give me some direction. We did a trace route, so we know or think we know where it is coming from.

Windows Event Log Messages:

Source/Event ID: DNS/5504
Message: DNS Server encountered invalid domain name packet from 216.190.200.2. Packet rejected

Source/Event ID: DNS/5504
Message: DNS Server encountered invalid domain name packet from 216.190.200.2. Packet rejected

Source/Event ID: DNS/5506
Message: DNS Server encountered invalid domain name offset in packet. Packet rejected

Source/Event ID: DNS/5504
Message: DNS Server encountered invalid domain name packet from 216.190.200.1. Packet rejected

Source/Event ID: DNS/5504
Message: DNS Server encountered invalid domain name packet from 216.190.200.1. Packet rejected

Source/Event ID: DNS/9999
Message: DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encounted in the last 15 minute interval.

Source/Event ID: DNS/5506
Message: DNS Server encountered invalid domain name offset in packet. Packet rejected

Thanks,
Steven
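An added example, not part of the original post: a Python script that parses the event text quoted in the message, counts rejected packets per event ID and source address, and lists the sources that fall outside the internal range. The function names and the `172.16.0.0/16` range (read from the poster's "172.16.x.x") are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Event text copied from the post (one event per line here).
LOG = """\
Source/Event ID: DNS/5504 Message: DNS Server encountered invalid domain name packet from 216.190.200.2. Packet rejected
Source/Event ID: DNS/5504 Message: DNS Server encountered invalid domain name packet from 216.190.200.2. Packet rejected
Source/Event ID: DNS/5506 Message: DNS Server encountered invalid domain name offset in packet. Packet rejected
Source/Event ID: DNS/5504 Message: DNS Server encountered invalid domain name packet from 216.190.200.1. Packet rejected
Source/Event ID: DNS/5504 Message: DNS Server encountered invalid domain name packet from 216.190.200.1. Packet rejected
Source/Event ID: DNS/9999 Message: DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encounted in the last 15 minute interval.
Source/Event ID: DNS/5506 Message: DNS Server encountered invalid domain name offset in packet. Packet rejected
"""

# One record runs from "Source/Event ID:" up to the next one (or end of text).
EVENT = re.compile(
    r"Source/Event ID: (\w+)/(\d+) Message: (.*?)(?=Source/Event ID:|\Z)", re.S)
SRC = re.compile(r"packet from (\d{1,3}(?:\.\d{1,3}){3})")


def parse_events(text):
    """Return a list of (event_id, source_ip or None, message) tuples."""
    events = []
    for _source, event_id, message in EVENT.findall(text):
        match = SRC.search(message)
        events.append((int(event_id), match.group(1) if match else None,
                       message.strip()))
    return events


def summarize(events, internal="172.16.0.0/16"):
    """Count events per (event_id, source) and list sources outside `internal`."""
    net = ipaddress.ip_network(internal)  # assumed internal range
    counts = Counter((eid, src) for eid, src, _ in events)
    external = sorted({src for _, src, _ in events
                       if src and ipaddress.ip_address(src) not in net})
    return counts, external


if __name__ == "__main__":
    counts, external = summarize(parse_events(LOG))
    for (event_id, src), n in sorted(counts.items(), key=str):
        print(f"event {event_id}  source {src or 'not logged'}  count {n}")
    print("sources outside internal range:", ", ".join(external))
```

Events 5506 and 9999 carry no source address in their message text, so only the 5504 entries can be attributed to a sender from the log alone.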