Paul Mansfield wrote: > whilst checking DNS issues recently at home I observed my firewall > blocking packets to UDP:53 > > the packets were coming from a small number of IP addresses - see > appended - many are within facebook's blocks (according to ARIN > whois). > > I don't have any NS records which would cause anything to talk to my > home IP, so I find it very odd.
Is there any evidence whether these queries really are coming from Facebook IP space, or could they be spoofed - for instance, do the packets show source port and/or query IDs that are fixed or spread across a range ? There's also a lot of DNS reflection/amplification attacks going on these days, but I'm having trouble figuring out how these could be generated by such activity. > has anyone else observed this, or can explain it? You might also want to try asking this question over on the <[email protected]> list. Keith
