[nSLUG] [OT] Numerous probes seen as bogus DNS "replies"
Chris R. Thompson
chris.thompson at solutioninc.com
Mon Jun 30 01:30:37 ADT 2014
Sorry to come in late but... What were you doing? What command or filter did you use? What was the full output? What is/was your IP?
Is your traffic NATed? Are you using a VLAN?
On Jun 28, 2014 10:51 PM, Joel Maxuel <j.maxuel at gmail.com> wrote:
> I would try running a traffic analyzer (like Wireshark) and then match the latest port 53 errors with (e.g. by IP) what the Wireshark data dump delivers. Should provide a fuller story.
"One should strive to achieve, not sit in bitter regret."
- Ronan Harris / Mark Jackson
On Sat, Jun 28, 2014 at 8:05 PM, Dan Peterson <dpiddy at gmail.com> wrote:
If I was researching this for myself, I would look into:
* IP info for both sides (is one me? who owns them? `whois 184.108.40.206`,
`dig -x 220.127.116.11`)
* names involved (are they things I'm likely requesting, directly or
* am I seeing some kind of shared network traffic?
Happy to help more if you want to provide more info.
On Sat, Jun 28, 2014 at 2:50 PM, Mike Spencer <mspencer at tallships.ca> wrote:
> I'm seeing (with tcpdump running in an xterm behind whatever I'm
> doing) numerous packets, variously:
> + source port 53, reporting ServFail
> + source port 53, reporting NXDomain
> + ICMP reporting "udp port 53 unreachable"
> from IP addresses all over IP space. So these appear (I suppose
> intentionally) to be replies to DNS requests that I never sent.
> Can someone explain what the object of this is (or cause, if it's a
> side effect) or point me to an on-line explanation or discussion?
> Googling hasn't produced much, if any, enlightenment. iptables is
> dropping the packets but I'm curious.
> - Mike
> Michael Spencer Nova Scotia, Canada .~.
> mspencer at tallships.ca /( )\
> http://home.tallships.ca/mspencer/ ^^-^^
> nSLUG mailing list
> nSLUG at nslug.ns.ca
nSLUG mailing list
nSLUG at nslug.ns.ca
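An added example, not part of the thread or any poster's code: one way to do the matching suggested above, by pairing each inbound port-53 reply or ICMP "udp port 53 unreachable" with a query the host actually sent. It assumes `tcpdump -n` text output and a capture that also contains the outbound queries; the sample lines and addresses are constructed (documentation ranges), and `classify` is a hypothetical helper name.

```python
import re

# Constructed `tcpdump -n` style lines; addresses are documentation ranges, not from the thread.
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.40001 > 198.51.100.53.53: 4660+ A? example.org. (29)
12:00:01.020000 IP 198.51.100.53.53 > 192.0.2.10.40001: 4660 NXDomain 0/1/0 (90)
12:00:02.000000 IP 203.0.113.7.53 > 192.0.2.10.31337: 9999 ServFail 0/0/0 (35)
12:00:03.000000 IP 203.0.113.99.53 > 192.0.2.10.5353: 1234 NXDomain 0/1/0 (88)
12:00:04.000000 IP 203.0.113.45 > 192.0.2.10: ICMP 203.0.113.45 udp port 53 unreachable, length 65
"""

# src_ip.src_port > dst_ip.dst_port: <dns id><flags> ...
UDP = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)\S* ")
# ICMP port-unreachable for UDP/53, reported by the sender of the ICMP message
ICMP = re.compile(r"IP (\S+) > (\S+): ICMP \S+ udp port 53 unreachable")


def classify(dump, local_ip):
    """Return (line, verdict) for each DNS reply or port-53 ICMP error sent to local_ip.

    A reply is "solicited" only if the same server IP, local port and DNS id
    were seen earlier in an outbound query. Queries sent before the capture
    started cannot be matched, so their replies show up as "unsolicited".
    """
    pending = set()    # (server_ip, local_port, dns_id) of queries this host sent
    contacted = set()  # every IP this host sent a DNS query to
    results = []
    for line in dump.splitlines():
        m = UDP.search(line)
        if m:
            src, sport, dst, dport, qid = m.groups()
            if src == local_ip and dport == "53":        # our own query going out
                pending.add((dst, sport, qid))
                contacted.add(dst)
            elif dst == local_ip and sport == "53":      # something claiming to be a reply
                key = (src, dport, qid)
                results.append((line, "solicited" if key in pending else "unsolicited"))
                pending.discard(key)                     # each query is answered once
            continue
        m = ICMP.search(line)
        if m and m.group(2) == local_ip:
            # An unreachable from a host we never queried means a packet carrying
            # our address as its source reached that host from somewhere else.
            verdict = "solicited" if m.group(1) in contacted else "unsolicited"
            results.append((line, verdict))
    return results


if __name__ == "__main__":
    for line, verdict in classify(SAMPLE, "192.0.2.10"):
        print(f"{verdict:11} {line}")
```
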