[nSLUG] [OT] Numerous probes seen as bogus DNS "replies"
dpiddy at gmail.com
Sat Jun 28 20:05:17 ADT 2014
If I was researching this for myself, I would look into:
* IP info for both sides (is one me? who owns them? `whois 126.96.36.199`,
`dig -x 188.8.131.52`)
* names involved (are they things I'm likely requesting, directly or
* am I seeing some kind of shared network traffic?
Happy to help more if you want to provide more info.
On Sat, Jun 28, 2014 at 2:50 PM, Mike Spencer <mspencer at tallships.ca> wrote:
> I'm seeing (with tcpdump running in an xterm behind whatever I'm
> doing) numerous packets, variously:
> + source port 53, reporting ServFail
> + source port 53, reporting NXDomain
> + ICMP reporting "udp port 53 unreachable"
> from IP addresses all over IP space. So these appear (I suppose
> intentionally) to be replies to DNS requests that I never sent.
> Can someone explain what the object of this is (or cause, if it's a
> side effect) or point me to an on-line explanation or discussion?
> Googling hasn't produced much, if any, enlightenment. iptables is
> dropping the packets but I'm curious.
> - Mike
> Michael Spencer Nova Scotia, Canada .~.
> mspencer at tallships.ca /( )\
> http://home.tallships.ca/mspencer/ ^^-^^
> nSLUG mailing list
> nSLUG at nslug.ns.ca
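An added example, not part of either message: one way to work through the checks suggested in the reply is to separate DNS replies and ICMP errors that match no query this host sent from the ones that do, then tally them by kind and by sender. It assumes `tcpdump -n` text output in the line format shown, that a query appears in the capture before its reply, and a hypothetical local address `192.0.2.10`; the sample lines are constructed.

```python
import re
from collections import Counter

LOCAL_IP = "192.0.2.10"  # assumption: this host's address (documentation range)

# Constructed sample of `tcpdump -n` text output; not taken from the thread.
SAMPLE = """\
20:05:16.100000 IP 192.0.2.10.41234 > 198.51.100.1.53: 4660+ A? example.org. (29)
20:05:16.150000 IP 198.51.100.1.53 > 192.0.2.10.41234: 4660 NXDomain 0/1/0 (95)
20:05:17.200000 IP 203.0.113.5.53 > 192.0.2.10.33333: 9029 ServFail 0/0/0 (35)
20:05:17.300000 IP 203.0.113.9.53 > 192.0.2.10.33334: 777 NXDomain* 0/1/0 (101)
20:05:18.400000 IP 203.0.113.77 > 192.0.2.10: ICMP 203.0.113.77 udp port 53 unreachable, length 64
"""

# UDP line: "<time> IP <src>.<sport> > <dst>.<dport>: <id><flags> <rest>"
UDP = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)\S* (.*)")
ICMP = re.compile(r"IP (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ICMP \S+ udp port 53 unreachable")

def classify(lines, local_ip=LOCAL_IP):
    """Return (kinds, sources): counts of unsolicited packets by kind and by sender."""
    sent = set()                      # (server, local_port, query_id) we really asked
    kinds, sources = Counter(), Counter()
    for line in lines:
        m = UDP.search(line)
        if m:
            src, sport, dst, dport, qid, rest = m.groups()
            if src == local_ip and dport == "53":
                sent.add((dst, sport, qid))          # our own outgoing query
            elif dst == local_ip and sport == "53":
                if (src, dport, qid) in sent:
                    continue                          # answer to something we sent
                rcode = re.match(r"(ServFail|NXDomain)", rest)
                kinds[rcode.group(1) if rcode else "other-reply"] += 1
                sources[src] += 1
            continue
        m = ICMP.search(line)
        if m and m.group(2) == local_ip:
            kinds["icmp-port-53-unreachable"] += 1
            sources[m.group(1)] += 1
    return kinds, sources

if __name__ == "__main__":
    kinds, sources = classify(SAMPLE.splitlines())
    print(dict(kinds))
    print(sources.most_common())
```

The per-sender tally gives the list of addresses to feed to `whois` and `dig -x`.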