[wellylug] Broadcast flood?
Sam Cannell
sam at plaz.net.nz
Thu Feb 26 16:38:45 NZDT 2004
Nope .. All that DNS traffic is in fact being caused by the scan
running.
Most traffic monitoring tools, by default, attempt to look up the reverse
of all IP addresses. If you look at all the requests to
rachel.paradise.net.nz, you'll see it's attempting to resolve the PTR
record for the previous IP address in the dump.
For a more accurate traffic list, try something like:
    tcpdump -ni eth1
Where eth1 is your internet interface.
The -n tells tcpdump not to attempt to resolve IP addresses to
hostnames.
On Thu, Feb 26, 2004 at 04:31:07PM +1300, Michael Dittmer wrote:
> rachel.paradise.net.nz is one of the 2 DNS servers that Paradise have.
>
> My guess would be that something on your machine is doing DNS lookups just
> by a brief look at the log.
>
> Regards
>
> Michael
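Added example, not part of the original post: one way to check a saved `tcpdump -n` text dump for the pattern described in the message above, where each PTR query asks about an address seen in the packets just before it. The sample lines are constructed with documentation-range addresses (198.51.100.53 stands in for the ISP resolver), and the function name and the `lookback` parameter are hypothetical.

```python
import re
from collections import deque

# Constructed sample in `tcpdump -n` text format; not a capture from the thread.
SAMPLE = """\
16:31:01.000100 IP 203.0.113.7.4432 > 192.0.2.10.135: Flags [S], seq 1, win 8192, length 0
16:31:01.000900 IP 192.0.2.10.32770 > 198.51.100.53.53: 4101+ PTR? 7.113.0.203.in-addr.arpa. (42)
16:31:01.201000 IP 203.0.113.8.4433 > 192.0.2.10.135: Flags [S], seq 1, win 8192, length 0
16:31:01.201700 IP 192.0.2.10.32770 > 198.51.100.53.53: 4102+ PTR? 8.113.0.203.in-addr.arpa. (42)
16:31:02.000000 IP 192.0.2.10.32771 > 198.51.100.53.53: 4103+ A? www.example.org. (33)
16:31:02.500000 IP 192.0.2.10.32770 > 198.51.100.53.53: 4104+ PTR? 1.2.0.192.in-addr.arpa. (40)
"""

# Source and destination IPv4 address of a packet line (the trailing field is the port).
ENDPOINTS = re.compile(r" IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")
# A DNS PTR question for an IPv4 address.
PTR_QUERY = re.compile(r" PTR\? ((?:\d+\.){4})in-addr\.arpa\.")


def classify_ptr_queries(dump_text, lookback=5):
    """Return (queried_ip, self_induced) for every PTR query in the dump.

    A query counts as self-induced when the address it asks about was an
    endpoint of one of the previous `lookback` packets, which is the trail a
    resolving sniffer leaves behind.
    """
    recent = deque(maxlen=lookback)  # endpoint sets of the latest packets
    results = []
    for line in dump_text.splitlines():
        ends = ENDPOINTS.search(line)
        if not ends:
            continue  # not an IPv4 packet line
        ptr = PTR_QUERY.search(line)
        if ptr:
            # in-addr.arpa names carry the octets in reverse order
            octets = ptr.group(1).rstrip(".").split(".")
            queried = ".".join(reversed(octets))
            results.append((queried, any(queried in s for s in recent)))
        recent.append({ends.group(1), ends.group(2)})
    return results


if __name__ == "__main__":
    for ip, induced in classify_ptr_queries(SAMPLE):
        print(ip, "self-induced by capture" if induced else "independent lookup")
```
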