DNSERR Error messages

vladzz

Hi,

Trisul 6.0 user here - we are getting a ton of these on the ns-* log files.

Mon Nov  7 12:29:06 2016.813588 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -3 bytes (Exploit attempt?)
Mon Nov  7 12:29:06 2016.813624 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -2 bytes (Exploit attempt?)
Mon Nov  7 12:29:06 2016.813661 WARN  [PIDNSWatch] Potentially corrupt DNS packet, flow tagged with DNSERR. Location=DoComputeDNSName overshot guard byte by -2 bytes (Exploit attempt?)

Can you help ? We tried loading the packets into Wireshark from Trisul but they seem to be normal .

Vlad

admin

vladzz Hard to say for sure what these are. Can you try the new release 6.6.2733 (Nov 9) build so we can try to reproduce it here.

vladzz

Hi - I sent a PCAP taken from retro tools to your email , did you get ?