Security Basics mailing list archives

Strange DNS traffic


From: Maarten Claes <maarten.claes () gmail com>
Date: Fri, 9 Dec 2005 15:39:54 +0100

Hi list,

I've seen some strange (blocked) DNS traffic on my firewall:

Random source IPs are requesting a PTR lookup of the receiver's IP
address. This is not normal DNS traffic as a dig -x <ip> +trace
shows that the DNS provider for that IP range has the answer for that
host and not the host itself.

Is this some kind of DNS probing attempt/attack attempt/fingerprinting?

Thanks for your comments!

Maarten.
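
The pattern described in the post, as an added example that is not part of the original message: a Python check that flags a UDP/53 payload when it is a PTR query for the very address it was sent to. The function names, the packet builder and the documentation addresses (192.0.2.0/24) are constructed for illustration.

```python
import ipaddress
import struct

PTR = 12  # DNS QTYPE value for PTR records (RFC 1035)

def build_query(qname, qtype, txid=0x1234):
    """Build a minimal DNS query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (qname, qtype) of the first question, or None if not a usable query."""
    if len(payload) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means this is a response
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            return None  # ran off the end before the root label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype

def is_self_ptr_query(dst_ip, payload):
    """True when the packet asks dst_ip for the PTR record of dst_ip itself."""
    question = parse_question(payload)
    if question is None:
        return False
    qname, qtype = question
    expected = ipaddress.ip_address(dst_ip).reverse_pointer
    return qtype == PTR and qname == expected

if __name__ == "__main__":
    dst = "192.0.2.10"  # constructed destination address
    print(is_self_ptr_query(dst, build_query("10.2.0.192.in-addr.arpa", PTR)))
```

Feeding it the destination address and UDP payload of each blocked packet separates this self-referential PTR pattern from ordinary stray queries that happen to hit the same address.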

