empty DoS queries
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Feb 23 14:35:51 UTC 2009
On Mon, Feb 23, 2009 at 02:20:03PM +0100,
Frank Kirschner <147859 at celebrate.de> wrote
a message of 65 lines which said:
> 23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
I have no idea. But capturing such queries with something like:

    tcpdump -w dos-of-the-day.pcap -c 10 src host 10.48.0.19 and dst port 53

and posting the resulting pcap here (or on a public site like
pcapr.net) would be quite interesting. (Because what you posted is
BIND's view of these queries and the raw queries could reveal more.)
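
Added example, not part of the original message: a small decoder for the header and question section of a raw DNS query, the part of a captured packet that a log line like the one quoted only summarizes. It assumes the UDP payload has already been extracted from the pcap; the function names are hypothetical and the sample bytes are constructed, not taken from the capture discussed here.

```python
import struct

def parse_dns_query(payload: bytes) -> dict:
    """Decode the header and first question of a raw DNS message (UDP payload)."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    result = {
        "id": qid,
        "qr": flags >> 15,              # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "rd": (flags >> 8) & 1,         # recursion desired
        "qdcount": qdcount,
        "labels": [],                   # raw label bytes, unescaped
        "qtype": None,
        "qclass": None,
    }
    if qdcount == 0:
        return result                   # header only: no question section at all
    pos = 12
    while True:
        if pos >= len(payload):
            raise ValueError("QNAME runs past end of packet")
        length = payload[pos]
        pos += 1
        if length == 0:                 # root label terminates the name
            break
        if length & 0xC0:
            raise ValueError("compression pointer or reserved label type in QNAME")
        if pos + length > len(payload):
            raise ValueError("label runs past end of packet")
        result["labels"].append(payload[pos:pos + length])
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    result["qtype"], result["qclass"] = struct.unpack("!2H", payload[pos:pos + 4])
    return result

def show_label(label: bytes) -> str:
    """Printable ASCII as-is, everything else as \\DDD, so odd bytes stay visible."""
    return "".join(chr(b) if 0x21 <= b <= 0x7E else "\\%03d" % b for b in label)

# Constructed sample payload: id 0x1234, RD set, one question,
# a single label "(none)", QTYPE A (1), QCLASS IN (1).
SAMPLE = bytes.fromhex("123401000001000000000000") + b"\x06(none)\x00" + bytes.fromhex("00010001")

if __name__ == "__main__":
    q = parse_dns_query(SAMPLE)
    print(q["id"], q["rd"], [show_label(l) for l in q["labels"]], q["qtype"], q["qclass"])
```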