[Dshield] Strange udp/53 traffic...
jeff-kell at utc.edu
Thu Apr 1 15:18:49 GMT 2004
Stephane Grobety wrote:
> JK> Anyone know what this might be? Some P2P abomination or a bot-net?
> It looks like DNS traffic, most likely questions since several
> requests have a high source port.
Not that I know of; that's just a dorm kid's machine.
> 3/ Someone is trying to use the 172.18.81.21 as a traffic amplifier
> and annonimizer for a DDoS. Is that IP running a DNS server ?
No. Will try for packet capture if it persists today; the data was just
from an IPAudit summary I reviewed because he had one of the highest
outside host counts for the interval in question.
More information about the list