Full Disclosure: Re: FW: Question for DNS pros

Re: FW: Question for DNS pros

From: Paul Rolland <rol_at_witbe.net>
Date: Mon, 26 Jul 2004 08:58:48 +0200

Hello,

> I've altered the real hostname on our network to "targethost" and altered
> the querying IP to x.x.x.x for privacy reasons. All these queries are
> *from* the same host. This pattern is *typical* of what I'm seeing from a
> *number of diverse hosts* from all over the world.
>
> 22:06:10.294071 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29462 NS? . (17)
> 22:06:11.043050 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29463 NS? . (17)
> 22:06:11.791218 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29464 NS? . (17)

Seems to be a query for the NS for the "." (root) zone.
The machine sending the queries is probably configured to use
your server as a complete DNS resolver and transfer all its queries
to your server.

Regards,
Paul

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jul 27 2004
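
Added example, not part of the original thread: a small parser for tcpdump lines in the format quoted above that groups NS queries for "." by source and checks that the reported length (17) is the size of a bare single-question query for the root name. The function names and the fourth sample line are constructed for illustration.

```python
import re
import struct

# tcpdump's text form, as in the post: "time src.port > dst.domain: id[+] TYPE? name (len)"
# tcpdump prints "+" after the query ID when the RD (recursion desired) flag is set.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.domain: (?P<id>\d+)(?P<rd>\+?) (?P<qtype>[A-Z0-9]+)\? "
    r"(?P<name>\S+) \((?P<len>\d+)\)$"
)
QTYPE_NS = 2  # RFC 1035

def encode_query(txid, name, qtype, rd=False):
    """Build a single-question DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    labels = [label for label in name.split(".") if label]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def root_ns_queries(lines):
    """Return {source: [(query_id, rd_flag, length_matches_bare_query), ...]}."""
    bare_len = len(encode_query(0, ".", QTYPE_NS))  # 12 header + 1 root name + 4
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["qtype"] == "NS" and m["name"] == ".":
            hits.setdefault(m["src"], []).append(
                (int(m["id"]), m["rd"] == "+", int(m["len"]) == bare_len))
    return hits

# The three lines quoted in the post (rejoined), plus one constructed non-matching line.
SAMPLE = [
    "22:06:10.294071 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29462 NS? . (17)",
    "22:06:11.043050 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29463 NS? . (17)",
    "22:06:11.791218 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29464 NS? . (17)",
    "22:06:12.000000 y.y.y.y.1053 > targethost.utdallas.edu.domain: 4242+ A? www.example.com. (33)",
]

if __name__ == "__main__":
    for src, qs in root_ns_queries(SAMPLE).items():
        print(src, len(qs), "root NS queries; RD set:", any(rd for _, rd, _ in qs),
              "; all bare 17-byte queries:", all(ok for _, _, ok in qs))
```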
