Security Incidents mailing list archives

Re: Large DNS scans from 211.53.208.178


From: fernando () BN PT (Fernando Cardoso)
Date: Tue, 2 May 2000 10:42:49 +0100


Korea is a classic :)

These days Brazil is also becoming a must. This weekend we have DNS
scans (zone transfers and/or version query) from dial-up accounts in
Portugal, Taiwan and Brazil and from a (surely) compromised server in
Brazil. 

Also probes for IMAP2 and Portmapper and the usual CGI scanning.

A normal weekend ;)

______________________________________________
Fernando Cardoso
Network Administrator
National Library of Portugal 

-----Original Message-----
From: alann lopes [mailto:alopes () UCSD EDU]
Sent: Saturday, 29 April 2000 0:39
To: INCIDENTS () SECURITYFOCUS COM
Subject: Large DNS scans from 211.53.208.178


We are seeing substantial scans
of DNS from 211.53.208.178 apparently
from Korea...

Anyone else?

Thank you -- alann

======================================================================
Apr 28 12:23:44 PDT tcp  211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp  211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp  211.53.208.178(4142) ->132.239.242.203(53), 1

Apr 28 15:07:24 PDT tcp  211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp  211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp  211.53.208.178(1960) ->132.239.242.192(53), 1
======================================================================
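
Added example, not part of either message: a small detector that parses the log format quoted above and reports any source that touches several distinct hosts on port 53 in a short burst. The function names, the five-minute gap and the three-host threshold are illustrative assumptions, as is the reading of the trailing field as a count.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post above. The log has no year, so 2000 is taken
# from the message date; the timezone label (PDT) is parsed but ignored.
SAMPLE = """\
Apr 28 12:23:44 PDT tcp  211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp  211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp  211.53.208.178(4142) ->132.239.242.203(53), 1

Apr 28 15:07:24 PDT tcp  211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp  211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp  211.53.208.178(1960) ->132.239.242.192(53), 1
"""

# Assumption: the trailing number is a per-flow count; it is matched, not used.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \w+ (?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\(\d+\)\s*->\s*(?P<dst>[\d.]+)\((?P<dport>\d+)\), \d+$"
)

def parse(text, year=2000):
    """Return (timestamp, proto, src, dst, dport) for every line that matches."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["proto"], m["src"], m["dst"], int(m["dport"])))
    return events

def find_sweeps(events, port=53, max_gap=timedelta(minutes=5), min_targets=3):
    """Group each source's hits on `port` into bursts (split where the gap
    between hits exceeds max_gap) and keep bursts touching >= min_targets hosts."""
    by_src = defaultdict(list)
    for ts, _proto, src, dst, dport in events:
        if dport == port:
            by_src[src].append((ts, dst))
    sweeps = defaultdict(list)
    for src, hits in by_src.items():
        hits.sort()
        burst = [hits[0]]
        for hit in hits[1:] + [None]:      # None flushes the final burst
            if hit is not None and hit[0] - burst[-1][0] <= max_gap:
                burst.append(hit)
                continue
            targets = sorted({dst for _, dst in burst})
            if len(targets) >= min_targets:
                sweeps[src].append((burst[0][0], burst[-1][0], targets))
            burst = [hit]
    return dict(sweeps)
```

On the quoted lines, `find_sweeps(parse(SAMPLE))` reports two bursts from the one source, about three hours apart, each reaching three different hosts.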


