Unusual DNS requests (not related to previous DNS thread)

From: measlat_private
Date: Mon Jan 14 2002 - 15:37:17 PST


    Please note that this is not related to the current DNS thread.
    
    I have a [non-critical] customer "issue" (Ok, it's an "issue" to the customer
    ;-) that I can find no references to.  Roughly every five seconds, my
    customer gets a UDP DNS request from a high port, to 53.
    
    So far, so good.  The request is for a PTR
    record: 0.xxx.xxx.xx.in-addr.arpa.  No, that's not a typo, they are
    requesting reverse for the network address at .0.  A packet capture shows
    absolutely nothing out of the ordinary, other than the freaky request, and
    the regularity of the requests, about one request every five seconds, round
    the clock.
    
    My gut tells me this is not malicious, but the customer likes to read Steve
    Gibson, and...
    
    Has anyone ever encountered anything like this before?
    
    
    -- 
    Yours, 
    J.A. Terranson
    sysadminat_private
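
One way to quantify the pattern described in the post from a packet capture, as an added example that is not part of the original message: it parses raw DNS query payloads, picks out PTR lookups for a .0 address, and measures how regular their spacing is. All function names are hypothetical, the sample capture is constructed (192.0.2.0/24 is a documentation range), and .0 is treated as the network address on the assumption of /24 boundaries.

```python
import statistics
import struct

PTR = 12  # DNS QTYPE for PTR records

def parse_question(payload: bytes):
    """Return (qname, qtype) of the first question in a raw DNS message."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while payload[pos] != 0:
        n = payload[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels).lower(), qtype

def is_network_address_ptr(qname: str, qtype: int) -> bool:
    """True for a PTR lookup whose host octet is 0 (assumes /24 boundaries)."""
    labels = qname.split(".")
    return (qtype == PTR and len(labels) == 6
            and labels[4:] == ["in-addr", "arpa"] and labels[0] == "0")

def interval_stats(timestamps):
    """Return (median gap, population std-dev of gaps) in seconds."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return statistics.median(gaps), statistics.pstdev(gaps)

def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal query; used only to construct the sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + body + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed capture: (epoch seconds, UDP payload), one query about every 5 s
SAMPLE = [(1000.0 + 5.0 * i + (0.02 if i % 2 else 0.0),
           build_query("0.2.0.192.in-addr.arpa", PTR)) for i in range(12)]
SAMPLE.insert(3, (1012.7, build_query("www.example.com", 1)))  # unrelated A query

def summarize(capture):
    """Count network-address PTR queries and report how regular they are."""
    hits = [ts for ts, payload in capture
            if is_network_address_ptr(*parse_question(payload))]
    median, spread = interval_stats(hits)
    return {"count": len(hits), "median_gap": median, "regular": spread < 0.1 * median}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A low spread relative to the median gap indicates a timer-driven client rather than interactive lookups, which narrows the search to software on the source host that polls on a fixed schedule.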
    
    


