Message-ID: <05474E46C4AF6E4B86484F6A3F88707D03B133B6@wpb2kexch01.ocwen.corp>
From: SVerma at ocwen.com (Verma, Sachin)
Subject: DNS query???
Hi,
Just forgot to mention that the source port and destination port 53
mentioned is UDP protocol.
S@[|-|i/\/
-----Original Message-----
From: Verma, Sachin [mailto:SVerma@...en.com]
Sent: Tuesday, July 27, 2004 5:31 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] DNS query???
Hi,
I have a secondary DNS server, which is internal to the LAN and on Windows 2000,
that is generating a lot of queries for all the 13 root DNS servers. The
traffic is blocked by the firewall. But the strange thing that I have noticed
is that the source and destination ports are the same, i.e. 53. Also, the
forwarder is correctly set on the DNS server and hence theoretically the
queries need to be forwarded to the next DNS server.
Anybody got an idea as to what this is?
S@[|-|i/\/
-----Original Message-----
From: Paul Rolland [mailto:rol@...be.net]
Sent: Tuesday, July 27, 2004 4:11 PM
To: 'Paul Schmehl'; full-disclosure@...ts.netsys.com
Subject: Re: FW: [Full-Disclosure] Question for DNS pros
Hello,
> > The machine sending the queries is probably configured to use
> > your server as a complete DNS resolver and transfer all its queries
> > to your server.
> >
> Umm...I don't *have* a server at that address. In fact, there is no live
> host at all at that address. *That*, after all, is the entire point of
> this thread.
Understood, but this doesn't prevent someone from making a mistake
when creating their configuration file... and if the resolver has more
than one host (including yours), then failure from your machine will
simply let him skip to the next host, which in fact only slows down DNS
resolution. Thus, people are likely to live with a broken configuration
for long...
Collect the source IP(s), find the admin and send him an email...
Regards,
Paul
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html