I've been logging a large number of domain-udp and domain-tcp
packets trying to get in to our network.
Most of the requests actually go to a specific (unused) address.
This address used to hold a DNS-server once, and someone obviously
remembers.
The requests are seemingly coming from all over the net, including
from other DNS-servers.
What I am wondering is whether this is more likely to be someone spoofing
the
source addresses or whether they are using other, real DNS-servers to send
these requests to us.
(Is the latter, in fact, possible?)
Is this a know attack of some sort?
Cheers,
Anders RM :)
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
