Security Incidents mailing list archives

source port zero scans against DNS servers

From: dorqus () FREEK COM (dorqus)
Date: Fri, 12 May 2000 09:37:47 -0400


I'm just wondering if I'm the only one seeing these wierd errors.
All 3 of my companies name servers are showing the following in the log
files (/var/adm/messages)

named[3430]: dropping source port zero packet from [209.191.188.93].0
named[3534]: dropping source port zero packet from [63.226.179.7].0
named[20627]: dropping source port zero packet from [206.252.159.146].0

Most of the "attacks" were from the first IP address, 209.191.188.93
which resolves back to 93.dsl.seattle.telisphere.com

All of our name servers are running bind-8.2.2-P5.

Thanks!

--
dorqus

Current thread:

More fun stuff from demon internet (ICMP/120 ?) Ed Padin (May 09)
- source port zero scans against DNS servers dorqus (May 12)
- Re: More fun stuff from demon internet (ICMP/120 ?) thomas lakofski (May 12)