
About DNS Attacks and ICMP Destination Unreachable Reports

Since early February 2014, my DSL connection has been receiving quite a few ICMP Destination Unreachable (TYPE=3) messages from seemingly random addresses. This does not change when my dynamic IP address changes, so I guess that this is targeted equally at all of my ISP's addresses, and perhaps the entire internet. Common to all those reports is the fragment of the original message that is returned with the ICMP message: the original message is always a UDP DNS query (to UDP port 53).

Analyzing the traffic that leaves the router towards the internet shows that there is never any related outgoing DNS query, so these ICMP reports don't make any sense at all. On the internet there is very little information on this particular situation. However, [1] reports on recursive DNS attacks on open DNS resolvers.

A closer look at my received ICMP messages reveals that the reported query originates in fact from the same type of DNS attack.
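The check described above can be scripted. The following is an added example, not code from the original article: it parses an ICMP Destination Unreachable message, extracts the quoted original datagram, and compares it against a log of queries that actually left the router. The function names, the `sent` log format and the sample packet (RFC 5737 documentation addresses, `example.com`) are assumptions made for illustration; a quote that carries only the 8 bytes RFC 792 requires yields the UDP ports but no query name.

```python
import struct

def read_qname(dns, off=12):
    """Decode the question name that follows the 12-byte DNS header.
    Returns None if the quoted fragment ends before the name does."""
    labels = []
    while off < len(dns):
        n = dns[off]
        if n == 0:
            return ".".join(labels) or "."
        if n & 0xC0 or off + 1 + n > len(dns):   # pointer or truncated label
            return None
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return None

def parse_unreachable(icmp):
    """Parse an ICMP message (bytes starting at the ICMP header).
    Returns the quoted original datagram's fields, or None if the message
    is not a type 3 report quoting an IPv4/UDP datagram."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3:
        return None
    inner = icmp[8:]                              # quoted IP header + payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 17:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    dns = inner[ihl + 8:]                         # empty if only 8 bytes were quoted
    return {"code": icmp[1],
            "orig_src": ".".join(map(str, inner[12:16])),
            "orig_dst": ".".join(map(str, inner[16:20])),
            "sport": sport, "dport": dport,
            "qname": read_qname(dns) if dport == 53 and len(dns) > 12 else None}

def is_unsolicited(info, sent):
    """True if no logged outgoing query (dst_ip, src_port) matches the quote."""
    return (info["orig_dst"], info["sport"]) not in sent

def sample(quote_dns=True):
    """Constructed type 3 / code 3 message quoting a query for example.com (checksums zeroed)."""
    q = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(q), 0) + (q if quote_dns else b"")
    ip = struct.pack("!BBHHHBBH4B4B", 0x45, 0, 20 + 8 + len(q), 0, 0, 64, 17, 0,
                     192, 0, 2, 10, 198, 51, 100, 53)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    print(parse_unreachable(sample()))
```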

More here: http://www.michael-joost.de/dnsterror.html
