[nsp-sec] Got traffic?
Florian Weimer
fweimer at bfk.de
Fri Jul 17 04:45:21 EDT 2009
* Nicholas Ianelli:
> Are folks seeing lots of requests destined to any of these IP addresses
> (UDP based):
>
> 156.154.100.3
> 156.154.101.3
> 156.154.102.3
> 156.154.103.3
Are you seeing legitimately-looking DNS requests? There are some
delegations looping back to ns*.nic.uk, which could lead resolvers
astray (e.g. arkselfstorage.co.uk, growthengine.co.uk). This could
lead to issues if one of them is a popular domain. BIND caches the
resolution failure quite agressively (because the zone isn't signed),
but other resolvers might not do this.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list