A? ftp://netgear.routerlogin.net/shares/.

Jeroen Massar jeroen at massar.ch
Thu Dec 10 17:12:24 UTC 2020


Just noticed while debugging why our recursive DNS platform is seeing an increase of queries for 
Shared with the jokers at jnj.com whose employee laptops are hammering for wks.jnj.com SOA, yeah, and of course the many thousands of companies with internal AD where they employees work from home and ask a lot for dc._msdcs.<company>... do not look at the actual queries ;)
(long live per-label/domain rate limits). 


Anyway, this mail is about another netgear issue:

17:16:42.745493 IP xxxx > xxx: 13794+ A? ftp://netgear.routerlogin.net/shares/. (55) 


Anybody seen that before.... how the ... does one do that :)

It is pretty amazing that the DNS software between the thing that has that and our recursors even accepted the /'s in the query, note the dot at the end.

Anybody got a netgear contact, they really need to clean up their act.

Between that and time-f.netgear.com + time-g.netgear.com hammering (line-rate queries for those labels, thus customer's internet is "slow" till they reboot the netgear box), our helpdesk is giving off a nice "buy something else" warning... typically "just disconnect that thing and use our CPE".

Greets,
 Jeroen

--

Bonus fun one: A? fe80::290:a9ff:fed3:e2ac. (42)

Good old IPv6calc tells us something is asking for a WD device, likely a NAS:

$ ipv6calc -i fe80::290:a9ff:fed3:e2ac
no input type specified, try autodetection...found type: ipv6addr
no output type specified, try autodetection...found type: ipv6addr
Address type: unicast, link-local, iid, iid-global, iid-eui48
Registry for address: reserved(RFC4291#2.5.6)
Interface identifier: 0290:a9ff:fed3:e2ac
EUI-48/MAC address: 00:90:a9:d3:e2:ac
MAC is a global unique one
MAC is an unicast one
OUI is: WESTERN DIGITAL
Built-In database: IEEE:OUI/20201107





More information about the dns-operations mailing list