lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <05474E46C4AF6E4B86484F6A3F88707D03A9C494@wpb2kexch01.ocwen.corp>
From: SVerma at ocwen.com (Verma, Sachin)
Subject: DNS query???

Hi,

I have a secondary dns server,which is internal to LAN and on windows 2000
that is generating a lot of queiries for all the 13 root dns servers.The
traffic is blocked by the firewall.But the strange thing that I have noticed
is that the source and destination port being the same i.e 53.Also the
forwarder is correctly set on the DNS server and hence theoritically the
querries need to be forwarded to the next DNS server.

Any body got an idea as to what is this.


S@[|-|i/\/


-----Original Message-----
From: Paul Rolland [mailto:rol@...be.net]
Sent: Tuesday, July 27, 2004 4:11 PM
To: 'Paul Schmehl'; full-disclosure@...ts.netsys.com
Subject: Re: FW: [Full-Disclosure] Question for DNS pros


Hello,

> > The machine sending the queries is probably configured to use
> > your server as a complete DNS resolver and transfer all its queries
> > to your server.
> >
> Umm...I don't *have* a server at that address.  In fact, 
> there is no live 
> host at all at that address.  *That*, after all, is the 
> entire point of 
> this thread.

Understood, but this doesn't prevent someone from making a mistake
when creating its configuration file... and if the resolver has more
than one host (including yours), then failure from your machine will
simply let him skip to next host, which in fact only slows down DNS
resolution. Thus, people are likely to live with a broken configuration
for long...

Collect the source IP(s), find the admin and send him an email...

Regards,
Paul

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


***************************************************************

NOTICE OF CONFIDENTIALITY

This E-mail message and its attachments (if any) are intended
solely for the use of the addressee hereof. In addition, this 
message and the attachments (if any) may contain information 
that is confidential, privileged and exempt from disclosure 
under applicable law. If you are not the intended recipient of 
this message, you are prohibited from reading, disclosing, 
reproducing, distributing, disseminating or otherwise using 
this transmission. Delivery of this message to any person other 
than the intended recipient is not intended to waive any right 
or privilege. If you have received this message in error, please 
promptly notify the sender by reply E-mail and immediately delete 
this message from your system.

*************************************************************************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ