[nSLUG] [OT] Numerous probes seen as bogus DNS "replies"

Mike Spencer mspencer at tallships.ca
Sat Jun 28 15:50:49 ADT 2014


I'm seeing (with tcpdump running in an xterm behind whatever I'm
doing) numerous packets, variously:

   + source port 53, reporting ServFail

   + source port 53, reporting NXDomain

   + ICMP reporting "udp port 53 unreachable"

from IP addresses all over IP space. So these appear (I suppose
intentionally) to be replies to DNS requests that I never sent.

Can someone explain what the object of this is (or cause, if it's a
side effect) or point me to an on-line explanation or discussion?

Googling hasn't produced much, if any, enlightenment.  iptables is
dropping the packets but I'm curious.


- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^


More information about the nSLUG mailing list