[Bro] odd data in my bro dns.log

Tim Krabec tkrabec at gmail.com
Sun Apr 3 16:31:19 PDT 2016 

I'm working through mydns logs
and I'm seeing entries like this
.13 & .14 are AD domain servers
not sure what to make of these, google has led me no where.
TIA


192.168.1.13bp\x95\xff\x7f 192.168.1.13
192.168.1.13bp\x95\xff\x7f 192.168.1.138
192.168.1.13bp\x95\xff\x7f 192.168.1.14
192.168.1.13bp\x95\xff\x7f 192.168.1.143
192.168.1.13b\x16\x91\xff\x7f 192.168.1.138
192.168.1.13b\x16\x91\xff\x7f 192.168.1.14
192.168.1.13b\x16\x91\xff\x7f 192.168.1.143
192.168.1.13b\xcf\x8f\xff\x7f 192.168.1.14
192.168.1.13!ek\xff\x7f 192.168.1.14
192.168.1.13!ek\xff\x7f 192.168.1.143
192.168.1.13\x17\x96\x96\xff\x7f 192.168.1.14
192.168.1.13\x81 192.168.1.138
192.168.1.13\x81 192.168.1.14
192.168.1.13\x81 192.168.1.143
192.168.1.13\x82d\x8a\xff\x7f 192.168.1.138
192.168.1.13\x82d\x8a\xff\x7f 192.168.1.14
192.168.1.13\x82d\x8a\xff\x7f 192.168.1.143
192.168.1.13\xa1\xf6a\xff\x7f 192.168.1.138
192.168.1.13\xa1\xf6a\xff\x7f 192.168.1.14
192.168.1.13\xa1\xf6a\xff\x7f 192.168.1.143
192.168.1.13"\xb0\x94\xff\x7f 192.168.1.14
192.168.1.13\xb1+m\xff\x7f 192.168.1.138
192.168.1.13\xb1+m\xff\x7f 192.168.1.14
192.168.1.13\xb1+m\xff\x7f 192.168.1.143
192.168.1.13\xb2\xc6\x8b\xff\x7f 192.168.1.138
192.168.1.13\xb2\xc6\x8b\xff\x7f 192.168.1.14
192.168.1.13\xb2\xc6\x8b\xff\x7f 192.168.1.143
192.168.1.13\xb2\xd4\x8b\xff\x7f 192.168.1.138
192.168.1.13\xb2\xd4\x8b\xff\x7f 192.168.1.14
192.168.1.13\xb2\xd4\x8b\xff\x7f 192.168.1.143
192.168.1.13\xc0\x80}\xff\x7f 192.168.1.138
192.168.1.13\xc0\x80}\xff\x7f 192.168.1.14
192.168.1.13\xc0\x80}\xff\x7f 192.168.1.143
192.168.1.13\xc2\x07\x93\xff\x7f 192.168.1.13
192.168.1.13\xc2\x07\x93\xff\x7f 192.168.1.138
192.168.1.13\xc2\x07\x93\xff\x7f 192.168.1.14
192.168.1.13\xc2\x07\x93\xff\x7f 192.168.1.143
192.168.1.13\xd2\x1c\x95\xff\x7f 192.168.1.13
192.168.1.13\xd2\x1c\x95\xff\x7f 192.168.1.138
192.168.1.13\xd2\x1c\x95\xff\x7f 192.168.1.14
192.168.1.13\xd2\x1c\x95\xff\x7f 192.168.1.143
192.168.1.13\xe1\xb7i\xff\x7f 192.168.1.14
192.168.1.13\xff 192.168.1.14
192.168.1.14bp\x95\xff\x7f 192.168.1.14
192.168.1.14b\x16\x91\xff\x7f 192.168.1.14
192.168.1.14b\xcf\x8f\xff\x7f 192.168.1.14
192.168.1.14!ek\xff\x7f 192.168.1.138
192.168.1.14!ek\xff\x7f 192.168.1.14
192.168.1.14!ek\xff\x7f 192.168.1.143
192.168.1.14\x17\x96\x96\xff\x7f 192.168.1.14
192.168.1.14\x81 192.168.1.14
192.168.1.14\x82d\x8a\xff\x7f 192.168.1.14
192.168.1.14\xa1\xf6a\xff\x7f 192.168.1.14
192.168.1.14"\xb0\x94\xff\x7f 192.168.1.14
192.168.1.14\xb1+m\xff\x7f 192.168.1.14

Tim Krabec
tkrabec.com
Bio <http://timkrabec.brandyourself.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160403/f8635e2b/attachment.html

More information about the Bro mailing list