[18727] in North American Network Operators' Group
Re: DNS Headaches
daemon@ATHENA.MIT.EDU (max@inc.net)
Sat Aug 15 01:56:42 1998
Date: Sat, 15 Aug 1998 00:40:34 -0500 (CDT)
From: max@inc.net
Reply-To: max@inc.net
To: scarter@pobox.com
cc: nanog@merit.edu
In-Reply-To: <35D51DA2.CB4D1178@pobox.com>
On 15 Aug, Steve Carter wrote:
> max@inc.net wrote:
>>
>> I have an added note. Someone asked me about what domains are being
>> looked up and if it might be something someone registered. I dont
>> believe this to be the case. There are literally hundreds of domains
>> being looked up to many to have had someone register them all. Also
>> many of the domains are actual domains I know to be real such as
>> excite.com.
>
> Might this be some spoofing type DoS exploit?
>
> Can you explain how you are seeing these requests? Is it via a log file
> or using a sniffer type tool?
>
> -Steve
I am seeing these requests from 2 diffrent sources. The first is a
packet filter on the CPE router. They have a Livingston IRX 114 and I
am using ptrace to watch all udp packets going to the name server on
port 53. The second is a packet sniffer on the ethernet, this is where
I am getting the domain requests from.
-Max
Max Spaulding
Internet Connect, INC.
max@inc.net
