Please not that this is not related to the current DNS thread. I have a [non-critical] customer "issue" (Ok, it's an "issue" to the customer ;-) that I can find no references to. Roughly every five seconds, my customer gets a UDP DNS request from a high port, to 53. So far, so good. The request is for a PTR record: 0.xxx.xxx.xx.in-addr.arpa. No, that's not a typo, they are requesting reverse for the network address at .0. A packet capture shows absolutely nothing out of the ordinary, other than the freaky request, and the regularity of the requests, about one request every five seconds, round the clock. My gut tells me this is not malicious, but the customer likes to read Steve Gibson, and... Has anyone ever encountered anything like this before? -- Yours, J.A. Terranson sysadminat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 08:33:24 PST