Full Disclosure mailing list archives
Malformed dns
From: "Thorsten Mayr" <tmayr () kitcon net>
Date: Thu, 29 Apr 2004 19:56:50 +0200
Hi guys,

I found some funny stuff on my firewall-1, maybe u guys got n idea what could cause it.

// Log excerpt:
"356258" "28Apr2004" "6:38:55" "Multi-product" "*****" "*****" "Log" "Drop" "domain-udp" "10.118.100.2" "216.73.86.10" "udp" "0" "domain-udp" "" "Attack Info: Badly formed DNS"
"356259" "28Apr2004" "6:38:56" "VPN-1 & FireWall-1" "***" "****" "Log" "Accept" "domain-udp" "10.118.100.2" "216.73.86.10" "udp" "" "domain-udp" "" "session_id: 764; dns_query: ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net (+)ebay.doubleclick.net ; dns_type: A(+)A(+)A(+)A(+)A(+)A(+)A(+)A(+)A"
//end

(The **** are our fw hosts...)

Anybody heard about somewhat that is about to DoS *.doubleclick.net? Got loads dropped queries trying to talk to several of their hosts... Always around midtime - will sniff the packets tomorrow....

There are quite a lot queries like that. I am happy for any help on that one. Though the traffic is caused from one of the servers not running a dns service at all. It used to serve as a SQL server which was shut down recently... Now all it does is act as a wins server. Nt 4.0

Thx in advance.

Regards
Thorsten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html