[dns-operations] Odd DNS Packet

Duane Wessels wessels at packet-pushers.com
Thu Mar 23 04:52:54 UTC 2006



On Wed, 22 Mar 2006, David Ulevitch said:

> Can someone help me decipher this?
>
> 02:43:23.179500 IP 220.185.129.116.19321 > 38.99.14.207.53:  16705 op8
> + [b2&3=0x4141] [16705a] [16705q] [16705n] [16705au][|domain]
>         0x0000:  4500 011c 1edd 0000 3211 d594 dcb9 8174  E.......2......t
>         0x0010:  2663 0ecf 4b79 0035 0108 7e2f 4141 4141  &c..Ky.5..~/AAAA
>         0x0020:  4141 4141 4141 4141 4141 4141 4141 4141  AAAAAAAAAAAAAAAA
>         0x0030:  4141 4141 4141 4141 4141 4141 4141 4141


"4b79 0035 0108 7e2f" is the UDP header and so the entire DNS part
of the message is filled with A's.  There is no valid DNS data here.

DW
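The decoding described in the reply above, as an added example that is not part of the original message: it parses the 64 bytes shown in the quoted dump and checks whether the DNS header counts could fit in the datagram. The function name `decode` and the constants `MIN_QUESTION` and `MIN_RR` are choices made for this illustration.

```python
import struct

# First 64 bytes of the packet, copied from the hex dump quoted in the post.
PACKET = bytes.fromhex(
    "4500011c1edd00003211d594dcb98174"
    "26630ecf4b79003501087e2f41414141"
    "41414141414141414141414141414141"
    "41414141414141414141414141414141"
)

MIN_QUESTION = 5   # root name (1) + QTYPE (2) + QCLASS (2)
MIN_RR = 11        # root name (1) + TYPE, CLASS (4) + TTL (4) + RDLENGTH (2)

def decode(pkt):
    """Decode the IPv4, UDP and DNS headers and sanity-check the DNS counts."""
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if pkt[9] != 17:
        raise ValueError("not UDP")
    sport, dport, udp_len, _udp_sum = struct.unpack_from("!4H", pkt, ihl)
    dns = pkt[ihl + 8:]                       # captured part of the DNS message
    if len(dns) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", dns)
    dns_len = udp_len - 8                     # DNS bytes claimed by the UDP length
    # Smallest message that could carry the advertised number of records.
    needed = 12 + qd * MIN_QUESTION + (an + ns + ar) * MIN_RR
    return {
        "src": ".".join(map(str, pkt[12:16])), "sport": sport,
        "dst": ".".join(map(str, pkt[16:20])), "dport": dport,
        "udp_header": pkt[ihl:ihl + 8].hex(),
        "dns_len": dns_len,
        "id": ident,
        "qr": flags >> 15,
        "opcode": (flags >> 11) & 0xF,
        "rd": (flags >> 8) & 1,
        "counts": (qd, an, ns, ar),
        "filler": len(set(dns)) == 1,         # every captured DNS byte identical
        "plausible": needed <= dns_len,
    }

if __name__ == "__main__":
    for key, value in decode(PACKET).items():
        print(f"{key:>10}: {value}")
```

Every number tcpdump printed (id 16705, op8, the four 16705 counts) is the byte pair 0x4141 read as a DNS header field, and the plausibility check fails because a 256-byte message cannot hold that many records.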


