Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] DNS-requests

To: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Subject: [FW1] DNS-requests
From: "Reed Mohn, Anders" <[email protected]>
Date: Thu, 3 May 2001 16:22:59 +0200
Sender: [email protected]


I've been logging a large number of domain-udp and domain-tcp
packets trying to get in to our network.
Most of the requests actually go to a specific (unused) address.
This address used to hold a DNS-server once, and someone obviously
remembers.
The requests are seemingly coming from all over the net, including 
from other DNS-servers.

What I am wondering is whether this is more likely to be someone spoofing
the 
source addresses or whether they are using other, real DNS-servers to send 
these requests to us.
(Is the latter, in fact, possible?)

Is this a know attack of some sort?

Cheers,
Anders RM :)


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] software of intrusion detection
Next by Date: [FW1] output of fw lichosts strange
Previous by thread: RE: [FW1] Problem with Websense & Checkpoint
Next by thread: RE: [FW1] DNS-requests
Index(es):
- Date
- Thread