WeirdActivity unknown_DNS_RR_type question

_rmkml · September 17, 2004, 10:52pm

Hi,

I found this event :

1095461470.723979 WeirdActivity unknown_DNS_RR_type x.x.x.x/59258 > 195.68.0.1/53

and tcpdump packet :

1095461470.720237 x.x.x.x.59258 > 195.68.0.1.53: [udp sum ok] 28701+ PTR? 220.27.170.80.in-addr.arpa. (44) (ttl 63, id 3049, len 72)

1095461470.723981 195.68.0.1.53 > x.x.x.x.59258: [udp sum ok] 28701 q: PTR? 220.27.170.80.in-addr.arpa. 1/4/5 220.27.170.80.in-addr.arpa. PTR d80-170-27-220.cust.tele2.fr. ns: 170.80.in-addr.arpa. NS sunic.sunet.se., 170.80.in-addr.arpa. NS kalmar.dns.swip.net., 170.80.in-addr.arpa. NS ns.ripe.net., 170.80.in-addr.arpa. NS kista.dns.swip.net. ar: ns.ripe.net.
A 193.0.0.193, ns.ripe.net. AAAA, kista.dns.swip.net. A 192.71.220.9,
sunic.sunet.se. A 192.36.125.2, kalmar.dns.swip.net. A 192.71.1
80.46 (281) (DF) (ttl 60, id 0, len 309)

AAAA is unknown rr type ?

I use bro 09a5 on fbsd410R,

and starting bro with dns analyzer.

Regards

Topic		Replies	Views
WeirdActivity truncated_NTP pb ? Zeek	2	72	May 6, 2022
odd data in my bro dns.log Zeek	1	64	May 6, 2022
DNSSEC Support Zeek	1	57	May 6, 2022
Strange Packet (invert ip) Zeek	1	49	May 6, 2022
Detecting software components that do strange dns queries Zeek	9	58	May 6, 2022