I have an added note. Someone asked me about what domains are being looked up and if it might be something someone registered. I dont believe this to be the case. There are literally hundreds of domains being looked up to many to have had someone register them all. Also many of the domains are actual domains I know to be real such as excite.com. -Max
max@inc.net wrote:
I have an added note. Someone asked me about what domains are being looked up and if it might be something someone registered. I dont believe this to be the case. There are literally hundreds of domains being looked up to many to have had someone register them all. Also many of the domains are actual domains I know to be real such as excite.com.
Might this be some spoofing type DoS exploit? Can you explain how you are seeing these requests? Is it via a log file or using a sniffer type tool? -Steve
On 15 Aug, Steve Carter wrote:
max@inc.net wrote:
I have an added note. Someone asked me about what domains are being looked up and if it might be something someone registered. I dont believe this to be the case. There are literally hundreds of domains being looked up to many to have had someone register them all. Also many of the domains are actual domains I know to be real such as excite.com.
Might this be some spoofing type DoS exploit?
Can you explain how you are seeing these requests? Is it via a log file or using a sniffer type tool?
-Steve
I am seeing these requests from 2 diffrent sources. The first is a packet filter on the CPE router. They have a Livingston IRX 114 and I am using ptrace to watch all udp packets going to the name server on port 53. The second is a packet sniffer on the ethernet, this is where I am getting the domain requests from. -Max Max Spaulding Internet Connect, INC. max@inc.net
On Sat, 15 Aug 1998 max@inc.net wrote:
I have an added note. Someone asked me about what domains are being looked up and if it might be something someone registered. I dont believe this to be the case. There are literally hundreds of domains being looked up to many to have had someone register them all. Also many of the domains are actual domains I know to be real such as
Don't be so sure about that. I've seen people register domains by the hundreds before. Post some actual examples or people can only wild guess at what's going on. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or Network Administrator | drawn and quartered...whichever Florida Digital Turnpike | is more convenient. ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
participants (3)
-
Jon Lewis
-
max@inc.net
-
Steve Carter