DNS Headaches

• Previous message (by thread): DNS Headaches
• Next message (by thread): DNS Headaches
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15 Aug, Steve Carter wrote:
> max at inc.net wrote:
>> 
>>   I have an added note.  Someone asked me about what domains are being
>>   looked up and if it might be something someone registered.  I dont
>>   believe this to be the case.  There are literally hundreds of domains
>>   being looked up to many to have had someone register them all.  Also
>>   many of the domains are actual domains I know to be real such as
>>   excite.com.
> 
> Might this be some spoofing type DoS exploit?
> 
> Can you explain how you are seeing these requests?  Is it via a log file
> or using a sniffer type tool?
> 
> -Steve

I am seeing these requests from 2 diffrent sources.  The first is a
packet filter on the CPE router.  They have a Livingston IRX 114 and I
am using ptrace to watch all udp packets going to the name server on
port 53.  The second is a packet sniffer on the ethernet, this is where
I am getting the domain requests from.

-Max

Max Spaulding
Internet Connect, INC.
max at inc.net

• Previous message (by thread): DNS Headaches
• Next message (by thread): DNS Headaches
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]