[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Todd Underwood was a little late

Subject: Todd Underwood was a little late
From: marka at isc.org (Mark Andrews)
Date: Thu, 17 Jun 2010 12:07:33 +1000
In-reply-to: Your message of "Wed, 16 Jun 2010 21:01:32 -0400." <[email protected]>
References: <[email protected]>

In message <Pine.LNX.4.61.1006162044210.5148 at soloth.lewis.org>, Jon Lewis write
s:
> I just took a closer look at something odd I'd noticed several days ago. 
> One of our DNS servers was sending crazy amounts of ARP requests for IPs 
> in the /24 its main IP is in.  What I've found is we're getting hit with 
> DNS requests that look like they're from "typical internet traffic for 
> someone in China" hitting this DNS server from IPs in its /24 which are 
> currently not in use (at least on our local network).  It would appear 
> someone in China is using our IP space, presumably behind a NAT router, 
> and they're leaking some traffic non-NAT'd.

Why was this traffic hitting your DNS server in the first place?  It should
have been rejected by the ingress filters preventing spoofing of the local
network.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Follow-Ups:
- Todd Underwood was a little late
  - From: jlewis at lewis.org (Jon Lewis)

References:
- Todd Underwood was a little late
  - From: jlewis at lewis.org (Jon Lewis)

Prev by Date: PCAP Sanitization Tool
Next by Date: PCAP Sanitization Tool
Previous by thread: Todd Underwood was a little late
Next by thread: Todd Underwood was a little late
Index(es):
- Date
- Thread