Security Incidents mailing list archives

Unusual DNS requests (not related to previous DNS thread)


From: <measl () mfn org>
Date: Mon, 14 Jan 2002 17:37:17 -0600 (CST)


Please note that this is not related to the current DNS thread.

I have a [non-critical] customer "issue" (Ok, it's an "issue" to the customer
;-) that I can find no references to.  Roughly every five seconds, my
customer gets a UDP DNS request from a high port, to 53.

So far, so good.  The request is for a PTR
record: 0.xxx.xxx.xx.in-addr.arpa.  No, that's not a typo, they are
requesting reverse for the network address at .0.  A packet capture shows
absolutely nothing out of the ordinary, other than the freaky request, and
the regularity of the requests, about one request every five seconds, round
the clock.

My gut tells me this is not malicious, but the customer likes to read Steve
Gibson, and...

Has anyone ever encountered anything like this before?


-- 
Yours, 
J.A. Terranson
sysadmin () mfn org


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
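
Added example, not part of the original post: one way to confirm the pattern described above from captured traffic, by parsing each DNS query, flagging PTR lookups for a reverse name whose host octet is 0, and checking whether a source repeats them on a steady timer. It assumes the capture has already been reduced to (timestamp, source IP, UDP payload) tuples; the function names, the jitter and hit-count thresholds, and the sample addresses (documentation ranges) are constructed for illustration.

```python
import struct
from statistics import mean, pstdev

PTR = 12  # DNS QTYPE value for PTR

def parse_question(payload):
    """Return (qname, qtype) of the first question in a raw DNS query payload."""
    labels, pos = [], 12                      # question follows the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in query name")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels).lower(), qtype

def is_network_address_ptr(qname, qtype):
    """True for a PTR query on an IPv4 reverse name whose host octet is 0."""
    parts = qname.split(".")
    return (qtype == PTR and len(parts) == 6 and parts[4:] == ["in-addr", "arpa"]
            and parts[0] == "0"
            and all(p.isdigit() and int(p) <= 255 for p in parts[:4]))

def periodic_sources(records, max_jitter=0.5, min_hits=4):
    """Map source IP -> mean gap (s) for sources repeating the query on a steady timer."""
    seen = {}
    for ts, src, payload in records:
        try:
            if is_network_address_ptr(*parse_question(payload)):
                seen.setdefault(src, []).append(ts)
        except (ValueError, IndexError, struct.error):
            continue                          # truncated or malformed packet
    steady = {}
    for src, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and pstdev(gaps) <= max_jitter:
            steady[src] = mean(gaps)
    return steady

def build_query(qname, qtype, txid=0x1234):
    """Build a DNS query payload; used only to construct the sample below."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)

# Constructed sample: (timestamp, source IP, UDP payload), documentation addresses only.
SAMPLE = [(t, "198.51.100.7", build_query("0.2.0.192.in-addr.arpa", PTR))
          for t in (0.0, 5.1, 10.0, 15.0, 19.9)]
SAMPLE.append((3.0, "203.0.113.9", build_query("25.2.0.192.in-addr.arpa", PTR)))
```

Calling `periodic_sources(SAMPLE)` reports only the source that repeats the .0 lookup at a steady interval, which gives a concrete source address and cadence to follow up on.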

