Weird DNS Problems
erik.c.fournier@nga.mil
erik.fournier at gmail.com
Thu Nov 10 22:06:29 UTC 2005
I was reading about the post of the same name, and I saw an IP that
I've seen on our IDS. Here's a quick snippet of it:
(Towards) 16:45:32
SOURCE: 12.127.16.69 cmtu.mt.ns.els-gms.att.net
DEST: 164.214.X.X DNS Server
45 00 00 96 ab 0b 40 00 f7 11 14 61 0c 7f 10 45 a4 d6 02 50
E.....@....a...E...P
00 35 00 35 00 82 37 a9 ee a6 84 03 00 01 00 00 00 01 00 00
.5.5..7.............
01 33 03 32 34 39 02 32 32 02 31 32 07 69 6e 2d 61 64 64 72
.3.249.22.12.in-addr
04 61 72 70 61 00 00 0c 00 01 03 32 34 39 02 32 32 02 31 32
.arpa......249.22.12
07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 00 06 00 01 00 00
.in-addr.arpa.......
0e 10 00 2e 04 68 63 63 37 07 68 61 72 66 6f 72 64 03 65 64
.....hcc7.harford.ed
75 00 05 61 64 6d 69 6e c0 51 00 00 00 29 00 00 03 84 00 00
u..admin.Q...)......
02 58 00 01 51 80 00 00 0e 10
.X..Q.....
EVENT1: [DOS:DDNSF] (udp,dp=53,sp=53)
Who is/are cmtu.mt.ns.els-gms.att.net (12.127.16.69)?
Is this a misconfig. box?
E
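The hex dump in the post above can be decoded field by field to see what the IDS actually flagged. The following is an added example, not part of the original message: it parses the IPv4/UDP/DNS bytes exactly as posted, and the function names `read_name` and `decode` are hypothetical helpers that assume a message with one question and one SOA authority record, which is what this dump contains.

```python
import struct
# Bytes copied from the dump in the post: IPv4 header, UDP header, DNS message.
DUMP = """
45 00 00 96 ab 0b 40 00 f7 11 14 61 0c 7f 10 45 a4 d6 02 50
00 35 00 35 00 82 37 a9 ee a6 84 03 00 01 00 00 00 01 00 00
01 33 03 32 34 39 02 32 32 02 31 32 07 69 6e 2d 61 64 64 72
04 61 72 70 61 00 00 0c 00 01 03 32 34 39 02 32 32 02 31 32
07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 00 06 00 01 00 00
0e 10 00 2e 04 68 63 63 37 07 68 61 72 66 6f 72 64 03 65 64
75 00 05 61 64 6d 69 6e c0 51 00 00 00 29 00 00 03 84 00 00
02 58 00 01 51 80 00 00 0e 10
"""

def read_name(msg, off):
    """Decode a DNS name at off; return (dotted name, offset after the name)."""
    labels, after, hops = [], None, 0
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:             # 2-byte compression pointer
            after = after or off + 2            # parsing resumes after the first pointer
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), (after or off + 1)

def decode(dump):
    """Decode a UDP DNS packet holding one question and one SOA authority record."""
    pkt = bytes.fromhex("".join(dump.split()))
    ihl = (pkt[0] & 0x0F) * 4                   # IPv4 header length in bytes
    sport, dport, ulen = struct.unpack_from("!HHH", pkt, ihl)
    msg = pkt[ihl + 8:ihl + ulen]               # DNS message without the UDP header
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg)
    if (qd, an, ns) != (1, 0, 1):
        raise ValueError("expected 1 question, 0 answers, 1 authority record")
    qname, off = read_name(msg, 12)
    qtype, = struct.unpack_from("!H", msg, off)
    zone, off = read_name(msg, off + 4)         # skip QTYPE and QCLASS
    rtype, _cls, _ttl, _rdlen = struct.unpack_from("!HHIH", msg, off)
    if rtype != 6:
        raise ValueError("authority record is not an SOA")
    mname, off = read_name(msg, off + 10)
    rname, off = read_name(msg, off)
    timers = struct.unpack_from("!5I", msg, off)  # serial, refresh, retry, expire, minimum
    return {"sport": sport, "dport": dport, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "qname": qname, "qtype": qtype, "zone": zone,
            "mname": mname, "rname": rname, "timers": timers}
```

Calling `decode(DUMP)` shows a port 53 to port 53 packet with the QR and AA bits set and RCODE 3 (NXDOMAIN) for a PTR question, carrying the SOA of the reverse zone in the authority section.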
More information about the bind-users
mailing list