[unisog] DNS queries from Windows clients for every udp/137 and udp/138 broadcast they hear?
Valdis.Kletnieks at vt.edu
Tue Sep 27 23:07:26 GMT 2005
On Tue, 27 Sep 2005 12:06:46 EDT, Irwin Tillman said:
> IP 10.1.3.4.3639 > 192.168.1.1.53 2+ PTR? 255.255.1.10.in-addr.arpa.
> * The DNS server responds to the second query with an NXDOMAIN response;
> the requested IP address is the all-1's style subnet directed broadcast
> address for the subnet, a value that is not particularly useful to look up in DNS.
This smells like the querying machine has a bogus netmask set, causing them to not
recognise broadcast packets as such.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050927/d7a6e122/attachment.bin
More information about the unisog