Bad DNS Query for Date & Time

Martin (KDE) kde at fahrendorf.de
Thu Sep 1 19:17:42 BST 2011 

Am Donnerstag, 1. September 2011 schrieb Michael D. Berger:
> On Thu, 01 Sep 2011 07:27:16 +0000, Duncan wrote:
> 
> [...]
> 
> WireShark is showing what look like real DNS queries.  It
> is true that I had my interface set to "any", which might
> support your suggestion that I am reading the bus, so I
> set the interface to eth0.  The problem persists.
> 
> But in any case, I also get DNS responses to the bad queries
> from external locations such as 151.197.0.38, which ARIN
> identifies is a Verizon location, and which I can successfully
> ping. Therefore it would appear the DNS queries are real.
> 
> Now I ran netstat as you suggested.  There is plenty there that
> makes me nervous, for example:
>    /var/run/dbus/system-bus-socket
>    /tmp/ksocket-root/kdeinit4__0
> and much more.  I would not be surprised if some internal socket
> were internally confused with eth0. 

This is highly unlikely. as long as you don't tell, no process will 
confuse file sockets with network sockets. This is such a basic unix 
stuff that it is tested very well.

> netstat has numerous options,
> and I would be happy to receive suggestions on their use to get
> better information.

usually try -apt for tcp connections and -apu for udp connections (ntp 
uses udp connections on port 123).

with the p switch you can show the process using the port/socket.

you have to identify the process starting the query and afterwards 
check the configuration of this process. most likely this is wrong.

Martin

> 
> I agree that something looks "seriously screwed", I most certainly
> will post whatever solution I find.  (I note that I could punt and
> use iptables -j QUEUE (as I do for other purposes) to parse and
> block the bad DNS, but I hope for a better solution.)
> 
> Mike.
> 
> ___________________________________________________
> This message is from the kde mailing list.
> Account management:  https://mail.kde.org/mailman/listinfo/kde.
> Archives: http://lists.kde.org/.
> More info: http://www.kde.org/faq.html.

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list