[q] curious packets

Hyo-Jeong Shin shinhj at hana.ne.kr
Tue Apr 27 02:06:21 UTC 2004


Hello all,
I captured some curious packets from our DNS servers with BIND 8.2.7 on
Linux.
Does anybody know why these packets are generated?

[1] repeated ServFail =================================
16:02:57.053606 client.43312 > server.53: S 1054099647:1054099647(0) win
16384 <mss 1460,nop,nop,sackOK> (DF)
16:02:57.053639 server.53 > client.43312: S 2979146159:2979146159(0) ack
1054099648 win 5840 <mss 1460,nop,nop,sackOK> (DF)
16:02:57.086975 client.43312 > server.53: . ack 1 win 17520 (DF)
16:02:57.088947 client.43312 > server.53: P 1:37(36) ack 1 win 17520
7261+ MX? yourbusiness.com. (34) (DF)
16:02:57.088961 server.53 > client.43312: . ack 37 win 5840 (DF)
16:03:53.003632 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:03:56.002763 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:04:02.002729 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:04:14.002728 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:04:38.002728 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:05:26.002825 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:07:02.002781 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:09:02.002768 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:11:02.002764 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:13:02.002756 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:15:02.002740 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:17:02.002774 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:19:02.002742 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:21:02.002782 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:23:02.002750 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)
16:25:02.002754 server.53 > client.43312: P 1:37(36) ack 37 win 5840
7261 ServFail 0/0/0 (34) (DF)

[2] repeated SYN =========================================================
12:58:44.276476 client.59163 > server.53: S 3109183:3109183(0) win 8192
<mss 1452,nop,nop,sackOK> (DF)
12:58:44.276510 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)
12:58:44.302861 client.59163 > server.53: R 3109184:3109184(0) win 0
12:58:48.407735 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)
12:58:55.778830 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)
12:59:07.931183 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)
12:59:33.431181 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)
13:00:21.442892 server.53 > client.59163: S 3599383948:3599383948(0) ack
3109184 win 5840 <mss 1460,nop,nop,sackOK> (DF)

-- 
Hyo-jeong Shin
Internet Networking Team
KT Corporation, Technology Lab.
463-1 Jeonmin-dong, Yuseong-gu, Daejeon 305-811, KOREA
Office:042-870-8194(or 0502-393-2228) Fax:042-870-8339
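
The spacing of the repeated segments in capture [1] can be measured with a short script. This is an added example, not part of the original post: the function name `repeated_segments` and the regular expression are assumptions of this example, and the input lines are copied from the capture above with the mail line-wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from capture [1] in the post, re-joined onto single lines.
CAPTURE = """\
16:02:57.088947 client.43312 > server.53: P 1:37(36) ack 1 win 17520 7261+ MX? yourbusiness.com. (34) (DF)
16:02:57.088961 server.53 > client.43312: . ack 37 win 5840 (DF)
16:03:53.003632 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:03:56.002763 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:04:02.002729 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:04:14.002728 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:04:38.002728 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:05:26.002825 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:07:02.002781 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
16:09:02.002768 server.53 > client.43312: P 1:37(36) ack 37 win 5840 7261 ServFail 0/0/0 (34) (DF)
"""

# Old-style tcpdump TCP line: time, src > dst:, flags, first:last(len)
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): (\S+) (\d+):(\d+)\((\d+)\)"
)


def repeated_segments(text):
    """Map (src, dst, flags, seq_first, seq_last) to the list of gaps, in
    whole seconds, between successive sightings of that same segment.
    Segments seen only once are left out."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # bare ACKs carry no sequence range in this format
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        seen[m.groups()[1:6]].append(ts)
    gaps = {}
    for key, times in seen.items():
        if len(times) > 1:
            gaps[key] = [round((b - a).total_seconds())
                         for a, b in zip(times, times[1:])]
    return gaps


if __name__ == "__main__":
    for key, gaps in repeated_segments(CAPTURE).items():
        print(key, gaps)
```

On these lines the gaps between copies of the server's `P 1:37(36)` segment come out as 3, 6, 12, 24, 48, 96 and 120 seconds: the interval doubles each time and then levels off at two minutes.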
