[unisog] DNS queries from Windows clients for every udp/137 and udp/138 broadcast they hear?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Sep 27 23:07:26 GMT 2005


On Tue, 27 Sep 2005 12:06:46 EDT, Irwin Tillman said:

>    IP 10.1.3.4.3639 > 192.168.1.1.53  2+ PTR? 255.255.1.10.in-addr.arpa.

> * The DNS server responds to the second query with an NXDOMAIN response;
> the requested IP address is the all-1's style subnet directed broadcast
> address for the subnet, a value that is not particularly useful to look up in DNS.

This smells like the querying machine has a bogus netmask set, causing them to not
recognise broadcast packets as such.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050927/d7a6e122/attachment.bin


More information about the unisog mailing list