[80708] in North American Network Operators' Group
Re: Unusual IN ANY DNS Traffic
daemon@ATHENA.MIT.EDU (Douglas E. Warner)
Tue May 10 12:24:13 2005
From: "Douglas E. Warner" <dwarner@ctinetworks.com>
To: nanog@merit.edu
Date: Tue, 10 May 2005 12:23:34 -0400
In-Reply-To: <20050510101330.W29488@life-gone-hazy.com>
Errors-To: owner-nanog@merit.edu
On Tuesday 10 May 2005 12:14, Duane Wessels wrote:
> One thing I've noticed that likes to generate ANY queries is Qmail...
I guess I should've stated that these are almost all some DSL customers on
our network using their assigned DNS servers, but this traffic is just
completely out of normal; especially since they were all looking for
"msn.com.".
Another thing that is quite odd (to me) is that the source port is all port
53; I thought that normal clients would use a random high port to do queries
from.
-Doug
-- 
Douglas E. Warner <dwarner@ctinetworks.com> Network Engineer
CTI Networks, Inc. http://www.ctinetworks.com +1 717 975 9000