On 15 Aug, Steve Carter wrote:
max@inc.net wrote:
I have an added note. Someone asked me about what domains are being looked up and if it might be something someone registered. I dont believe this to be the case. There are literally hundreds of domains being looked up to many to have had someone register them all. Also many of the domains are actual domains I know to be real such as excite.com.
Might this be some spoofing type DoS exploit?
Can you explain how you are seeing these requests? Is it via a log file or using a sniffer type tool?
-Steve
I am seeing these requests from 2 diffrent sources. The first is a packet filter on the CPE router. They have a Livingston IRX 114 and I am using ptrace to watch all udp packets going to the name server on port 53. The second is a packet sniffer on the ethernet, this is where I am getting the domain requests from. -Max Max Spaulding Internet Connect, INC. max@inc.net