Hi,

Trisul 6.0 user here - we are getting a ton of these on the ns-* log files.

Mon Nov  7 12:29:06 2016.813588 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -3 bytes (Exploit attempt?)
Mon Nov  7 12:29:06 2016.813624 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -2 bytes (Exploit attempt?)
Mon Nov  7 12:29:06 2016.813661 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -2 bytes (Exploit attempt?)

Can you help? We tried loading the packets into Wireshark from Trisul but they seem to be normal.

Vlad

    vladzz Hard to say for sure what these are. Can you try the new release 6.6.2733 (Nov 9) build so we can try to reproduce it here?

      7 days later

      Hi - I sent a PCAP taken from retro tools to your email, did you get it?
