[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] DNS-requests
No, not enough to do any damage, but it constitutes a large portion of the total packets logged. We are talking less than a hundred a day, just counting attempts to contact the one specific IP address (UDP, port 53). If we include port scans and TCP connection attempts, some days we've logged bursts of thousands. I'm not worried about it, just curious as to why so many different hosts would repeatedly be trying to contact a server that went out of commision two years ago, and that is not listed in any DNS-record (that I've been able to find) since then. I just find it hard to believe that there are som many _real_ sources for this traffic. Cheers, Anders :) -----Original Message----- From: Goetz, Jarrett [mailto:[email protected]] Sent: 8. mai 2001 15:17 To: 'Reed Mohn, Anders' Cc: Fw-1-Mailinglist (E-mail) Subject: RE: [FW1] DNS-requests How many requests are we talking here? Is it actually enough that it is impacting your bandwidth or firewall performance? Jarrett -----Original Message----- From: Reed Mohn, Anders [ mailto:[email protected] <mailto:[email protected]> ] Sent: Thursday, May 03, 2001 10:23 To: Fw-1-Mailinglist (E-mail) Subject: [FW1] DNS-requests I've been logging a large number of domain-udp and domain-tcp packets trying to get in to our network. Most of the requests actually go to a specific (unused) address. This address used to hold a DNS-server once, and someone obviously remembers. The requests are seemingly coming from all over the net, including from other DNS-servers. What I am wondering is whether this is more likely to be someone spoofing the source addresses or whether they are using other, real DNS-servers to send these requests to us. (Is the latter, in fact, possible?) Is this a know attack of some sort? Cheers, Anders RM :) ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html <http://www.checkpoint.com/services/mailing.html> ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|