|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: strange traffic on UDP port 53
From: Anders Reed Mohn (anders_rm
utepils.com)
Date: Thu Jun 12 2003 - 03:39:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> 1. Using the same src_IP:port# to dst_IP:port# (as earlier provided) it
> is using DNS query to PTR 48.1.1.192.in-addr.arpa
>
> 2. Then our mail server replying to the same Source IP, using ICMP (0x01)
> destination unreachable.
Smells of a faulty DNS-setup, and of faulty routing.
Some machine out there thinks you have the DNS for 1.1.192.in-addr.arpa,
and is trying to resolve 48.1.1.192.in-addr.arpa through you.
At least, that's a scenario I have seen a few times.
This could be just a typo in an SOA or in the DNS-address specified
on a specific computer.
I addition, someone didn't get their routing right, 'cuz traffic to and from
242.x.x.x should not be routed to the Internet, AFAIK.
Cheers,
Anders :)
----------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]