Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unusual DNS requests (not related to previous DNS thread)

From: woods () weird com (Greg A. Woods)
Date: Tue, 15 Jan 2002 11:57:24 -0500 (EST)
[ On Monday, January 14, 2002 at 17:37:17 (-0600), measl () mfn org wrote: ]

Subject: Unusual DNS requests (not related to previous DNS thread)

So far, so good.  The request is for a PTR
record: 0.xxx.xxx.xx.in-addr.arpa.  No, that's not a typo, they are
requesting reverse for the network address at .0.  A packet capture shows
absolutely nothing out of the ordinary, other than the freaky request, and
the regularity of the requests, about one request every five seconds, round
the clock.


It's not unusual at all.  Please read RFC 1101.

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <gwoods () acm org>;  <g.a.woods () ieee org>;  <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: