Strange DNS Queries

Stephen John Smoogen smooge at gmail.com
Fri Mar 2 18:29:32 UTC 2007


On 3/2/07, Smith, William E. (Bill), Jr. <Bill.Smith at jhuapl.edu> wrote:
> Our network security folks have come to me inquiring about some odd DNS queries that they have been seeing pop up on their IDS's.  After reviewing the captures they've provided, I really have no idea what they are for.  What we're seeing is some clients sending a standard A record query for the names "UseCustom" and "UseDefs".  The destination in the most recent information I received is 216.13.28.12.  I've viewed the trace sent to me via Wireshark but it doesn't really report much other than the queries for "UseCustom" and "UseDefs".  Has anyone ever seen such queries before and / or can shed some light on what they are for?    I'll try to provide further information as requested / needed.
> Bill Smith


I think a scrubbed capture might be needed to know more about it.
Do all the destinations point towards phone companies or do they go
around? What data is being returned?


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"



More information about the bind-users mailing list