[nSLUG] [OT] Numerous probes seen as bogus DNS "replies"
mspencer at tallships.ca
Sat Jun 28 15:50:49 ADT 2014
I'm seeing (with tcpdump running in an xterm behind whatever I'm
doing) numerous packets, variously:
+ source port 53, reporting ServFail
+ source port 53, reporting NXDomain
+ ICMP reporting "udp port 53 unreachable"
from IP addresses all over IP space. So these appear (I suppose
intentionally) to be replies to DNS requests that I never sent.
Can someone explain what the object of this is (or cause, if it's a
side effect) or point me to an on-line explanation or discussion?
Googling hasn't produced much, if any, enlightenment. iptables is
dropping the packets but I'm curious.
Michael Spencer Nova Scotia, Canada .~.
mspencer at tallships.ca /( )\
More information about the nSLUG