Security Incidents mailing list archives
Re: Large DNS scans from 211.53.208.178
From: sysadmin () SASSPRODUCTIONS COM (Seth Georgion)
Date: Mon, 1 May 2000 01:49:30 -0400
This is very common, especially from Korea and should be seen as obvious attempts to find Zone Transferable hosts and should be secured against by disallowing Unauthorized Zone Transfers. Of course anyone who has an even minimal computer education should be aware that all zone transfers are by nature TCP based and that all DNS Lookups are by nature UDP based. Thus it would follow that no one, not even the village idiot, would allow TCP 53 through the firewall.

hmmmmmmmmmmm...... ucsd.edu? I guess I see why the recent DoS attacks started at weakly secured university computers.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM] On Behalf Of alann lopes
Sent: Friday, April 28, 2000 7:39 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Large DNS scans from 211.53.208.178

We are seeing substantial scans of DNS from 211.53.208.178 apparently from Korea... Anyone else?

Thank you
-- alann

======================================================================
Apr 28 12:23:44 PDT tcp 211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp 211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp 211.53.208.178(4142) ->132.239.242.203(53), 1
Apr 28 15:07:24 PDT tcp 211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp 211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp 211.53.208.178(1960) ->132.239.242.192(53), 1
======================================================================
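
An added example, not part of either poster's message: a short Python check that parses log lines in the format quoted above and reports any source that opened TCP connections to port 53 on several distinct hosts. The function names, the threshold of three targets and the one constructed UDP line are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines as quoted in the message above.
PAGE_LOG = """\
Apr 28 12:23:44 PDT tcp 211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp 211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp 211.53.208.178(4142) ->132.239.242.203(53), 1
Apr 28 15:07:24 PDT tcp 211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp 211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp 211.53.208.178(1960) ->132.239.242.192(53), 1
"""
# Constructed line (not from the page): one ordinary UDP lookup from a
# documentation-range address, which must not be reported.
CONSTRUCTED_LOG = "Apr 28 15:09:01 PDT udp 192.0.2.10(1025) ->132.239.242.192(53), 1\n"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\w+\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\s*->\s*"
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\),\s*(?P<count>\d+)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def find_tcp53_sweeps(log_text, min_targets=3):
    """Map each source to the distinct hosts it contacted on TCP/53,
    keeping only sources that reached at least min_targets hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "tcp" and rec["dport"] == 53:
            targets[rec["src"]].add(rec["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, dsts in find_tcp53_sweeps(PAGE_LOG + CONSTRUCTED_LOG).items():
        print(f"{src}: TCP/53 to {len(dsts)} hosts: {', '.join(dsts)}")
```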