[Dshield] Strange udp/53 traffic...

Jeff Kell jeff-kell at utc.edu
Thu Apr 1 15:18:49 GMT 2004

Stephane Grobety wrote:
> JK> Anyone know what this might be? Some P2P abomination or a bot-net?
> It looks like DNS traffic, most likely questions since several
> requests have a high source port.

Not that I know of; that's just a dorm kid's machine.

> 3/ Someone is trying to use the as a traffic amplifier
> and annonimizer for a DDoS. Is that IP running a DNS server ?

No.  Will try for packet capture if it persists today; the data was just 
from an IPAudit summary I reviewed because he had one of the highest 
outside host counts for the interval in question.


More information about the list mailing list