nettigo / namf

Nettigo Air Monitor Firmware
GNU General Public License v3.0

Strange DNS queries from NAM #26

Closed Rogacz closed 3 years ago

Rogacz commented 3 years ago

Hi, I have a pi-hole (local DNS resolver) in my network and noticed some strange DNS queries coming from NAM. It's trying to resolve `M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A.`. In the pi-hole interface it shows as:

(Screenshot 2021-04-21 at 23 51 59)

Here is a tcpdump collected on my DNS resolver for the connection from NAM:

```
❯ tcpdump -vvvAs0 host 192.168.0.219 and port 53
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:45:10.577839 IP (tos 0x0, ttl 255, id 59151, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3383+ A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. (43)
E..G......R>.......,...5.3fP.7............7.?...?.:.?D9.?te. ..........
23:45:10.578384 IP (tos 0x0, ttl 64, id 15073, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x829c -> 0xe5cc!] 3383 NXDomain q: A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. 0/0/0 (43)
E..G:.@.@.}m...,.....5...3...7............7.?...?.:.?D9.?te. ..........
23:45:10.590188 IP (tos 0x0, ttl 255, id 59152, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3383+ A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. (43)
E..G......R=.......,...5.3fP.7............7.?...?.:.?D9.?te. ..........
23:45:10.590626 IP (tos 0x0, ttl 64, id 15074, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x829c -> 0xe5cc!] 3383 NXDomain q: A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. 0/0/0 (43)
E..G:.@.@.}l...,.....5...3...7............7.?...?.:.?D9.?te. ..........
23:45:40.629182 IP (tos 0x0, ttl 255, id 59161, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3385+ A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. (43)
E..G......R4.......,...5.3fN.9............7.?...?.:.?D9.?te. ..........
23:45:40.629669 IP (tos 0x0, ttl 64, id 17256, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x829c -> 0xe5ca!] 3385 NXDomain q: A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. 0/0/0 (43)
E..GCh@.@.t....,.....5...3...9............7.?...?.:.?D9.?te. ..........
23:45:40.632730 IP (tos 0x0, ttl 255, id 59162, offset 0, flags [none], proto UDP (17), length 71)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3385+ A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. (43)
E..G......R3.......,...5.3fN.9............7.?...?.:.?D9.?te. ..........
23:45:40.633098 IP (tos 0x0, ttl 64, id 17257, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x829c -> 0xe5ca!] 3385 NXDomain q: A? M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A. 0/0/0 (43)
E..GCi@.@.t....,.....5...3...9............7.?...?.:.?D9.?te. ..........
23:45:41.550155 IP (tos 0x0, ttl 255, id 59164, offset 0, flags [none], proto UDP (17), length 63)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3384+ A? api-rrd.madavi.de. (35)
E..?......R9.......,...5.+...8...........api-rrd.madavi.de.....
23:45:41.550661 IP (tos 0x0, ttl 64, id 17305, offset 0, flags [DF], proto UDP (17), length 79)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x82a4 -> 0x01ed!] 3384 q: A? api-rrd.madavi.de. 1/0/0 api-rrd.madavi.de. [10h14m53s] A 85.214.202.106 (51)
E..OC.@.@.t....,.....5...;...8...........api-rrd.madavi.de.................U..j
23:45:42.131313 IP (tos 0x0, ttl 255, id 59179, offset 0, flags [none], proto UDP (17), length 70)
    192.168.0.219.51842 > 192.168.0.44.domain: [udp sum ok] 3386+ A? ingress.opensensemap.org. (42)
E..F.+....R#.......,...5.2...:...........ingress.opensensemap.org.....
23:45:42.131710 IP (tos 0x0, ttl 64, id 17333, offset 0, flags [DF], proto UDP (17), length 86)
    192.168.0.44.domain > 192.168.0.219.51842: [bad udp cksum 0x82ab -> 0x49f7!] 3386 q: A? ingress.opensensemap.org. 1/0/0 ingress.opensensemap.org. [4m59s] A 128.176.196.25 (58)
E..VC.@.@.t....,.....5...B...:...........ingress.opensensemap.org..............+......
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
```

Version: NAMF-2020-36

I have had this NAM for a few months and didn't notice this before. It doesn't look normal. What can be wrong? Is there a way to fix it?

Rogacz commented 3 years ago

After upgrading to 37 I no longer see this issue.
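
Added example (not part of the issue thread and not NAMF code): reversing tcpdump's `M-`/`^` escaping turns the garbled query name from the capture above back into raw bytes, which shows the labels are binary data rather than text and lets the decoded length be checked against the `(43)` payload size tcpdump reported. The function names are illustrative, and the decoder assumes every `M-` and `^` in the printed name is an escape and that no label contains a literal dot.

```python
import re
import struct

# Query name exactly as tcpdump printed it in the capture above.
PRINTED = r"M-,7M-^??M-0^DM-^??M-\:M-^??D9M-^??te.^J^A^EM-z^D^A."

# tcpdump escapes: "M-" marks the high bit, "^X" is a control byte (X ^ 0x40).
TOKEN = re.compile(r"(M-)?(?:\^(.)|(.))", re.S)

def decode_label(text):
    """Turn one printed label back into raw bytes.
    Assumes every "M-" and "^" is an escape, not a literal character."""
    out = bytearray()
    for meta, ctrl, plain in TOKEN.findall(text):
        b = ord(ctrl) ^ 0x40 if ctrl else ord(plain)
        out.append(b | 0x80 if meta else b)
    return bytes(out)

def decode_name(printed):
    """Split on the dots tcpdump prints between labels; drop the root label."""
    return [decode_label(l) for l in printed.rstrip(".").split(".")]

def dns_query_length(labels):
    """12-byte header + length-prefixed labels + root byte + QTYPE/QCLASS."""
    return 12 + sum(1 + len(l) for l in labels) + 1 + 4

HOSTNAME_BYTES = set(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")

def suspicious(labels):
    """True if any label holds a byte outside the usual hostname alphabet."""
    return any(b not in HOSTNAME_BYTES for l in labels for b in l)

def le_words(label):
    """View a label's leading bytes as 32-bit little-endian words,
    a quick way to look for structure such as repeated high bytes."""
    n = len(label) // 4
    return [w for (w,) in struct.iter_unpack("<I", label[: 4 * n])]

if __name__ == "__main__":
    labels = decode_name(PRINTED)
    for l in labels:
        print(len(l), l.hex(" "))
    print("computed DNS length:", dns_query_length(labels))
    print("non-hostname bytes:", suspicious(labels))
    print("first label as words:", [hex(w) for w in le_words(labels[0])])
```

The same `suspicious` check run over a resolver's query log separates names like this one from the two well-formed lookups in the capture.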