Security Incidents mailing list archives
Re: Large DNS scans from 211.53.208.178
From: seitz () CARTMAN EE UDEL EDU (Bryan Seitz)
Date: Mon, 1 May 2000 02:06:49 -0400
On Fri, 28 Apr 2000, alann lopes wrote:
> We are seeing substantial scans of DNS from 211.53.208.178 apparently
> from Korea... Anyone else?
>
> Thank you -- alann
>
> ======================================================================
> Apr 28 12:23:44 PDT tcp 211.53.208.178(4147) ->132.239.242.207(53), 1
> Apr 28 12:23:46 PDT tcp 211.53.208.178(4140) ->132.239.242.202(53), 1
> Apr 28 12:23:52 PDT tcp 211.53.208.178(4142) ->132.239.242.203(53), 1
> Apr 28 15:07:24 PDT tcp 211.53.208.178(1987) ->132.239.242.206(53), 1
> Apr 28 15:07:32 PDT tcp 211.53.208.178(1963) ->132.239.242.195(53), 1
> Apr 28 15:07:44 PDT tcp 211.53.208.178(1960) ->132.239.242.192(53), 1
> ======================================================================

Not from that specific host, but from .kr yes...

Apr 21 15:00:38 cartman /kernel: ipfw: 3500 Deny TCP 210.182.140.145:4993 128.175.200.41:53 in via xl0
Apr 28 18:02:21 cartman /kernel: ipfw: 3500 Deny TCP 210.182.66.3:1436 128.175.200.41:53 in via xl0
Apr 28 15:17:19 ftp kernel: Packet log: input DENY eth0 PROTO=6 210.182.66.3:2211 128.175.200.38:53

Gee... April 28th as well... Oddly enough, I found this one from March 28th...

Mar 28 02:05:06 cartman /kernel: ipfw: 3700 Deny TCP 210.124.182.137:1257 128.175.200.41:53 in via xl0

I've been getting DNS scans from all over recently. Last month it was a lot of port 111 probes, this month DNS seems to be popular.

---
#include <standard_disclaimer.h>
Bryan G. Seitz EECIS Labstaff UofD LUG Admin
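
Added example, not part of the original message: a small Python parser that normalizes the three log formats quoted in this thread (the original poster's format, FreeBSD ipfw, and Linux ipchains) and groups inbound TCP/53 probes by source address and by leading netblock. The function names and the two-octet grouping are assumptions made for this illustration; the sample lines are copied from the messages above.

```python
import re
from collections import defaultdict
# Sample lines copied from the messages above (three firewall log formats).
SAMPLE = """\
Apr 28 12:23:44 PDT tcp 211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp 211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 21 15:00:38 cartman /kernel: ipfw: 3500 Deny TCP 210.182.140.145:4993 128.175.200.41:53 in via xl0
Apr 28 18:02:21 cartman /kernel: ipfw: 3500 Deny TCP 210.182.66.3:1436 128.175.200.41:53 in via xl0
Apr 28 15:17:19 ftp kernel: Packet log: input DENY eth0 PROTO=6 210.182.66.3:2211 128.175.200.38:53
Mar 28 02:05:06 cartman /kernel: ipfw: 3700 Deny TCP 210.124.182.137:1257 128.175.200.41:53 in via xl0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    # Original poster's format: "tcp SRC(sport) ->DST(dport), count"
    re.compile(rf"\btcp {IP}\((\d+)\)\s*->\s*{IP}\((\d+)\)"),
    # FreeBSD ipfw: "ipfw: RULE Deny TCP SRC:sport DST:dport in via IF"
    re.compile(rf"ipfw: \d+ Deny TCP {IP}:(\d+) {IP}:(\d+)"),
    # Linux ipchains: "Packet log: CHAIN DENY IF PROTO=6 SRC:sport DST:dport"
    re.compile(rf"Packet log: \S+ DENY \S+ PROTO=6 {IP}:(\d+) {IP}:(\d+)"),
]

def parse(line):
    """Return (date, src, dst, dport), or None if no known format matches."""
    for pat in PATTERNS:
        if m := pat.search(line):
            src, _sport, dst, dport = m.groups()
            return line[:6], src, dst, int(dport)
    return None

def dns_probes(text, port=53):
    """Map each source IP to the set of (date, dst) pairs it probed on TCP/port."""
    hits = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[3] == port:
            hits[rec[1]].add((rec[0], rec[2]))
    return hits

def by_prefix(hits, octets=2):
    """Group source IPs by their leading octets to surface related netblocks."""
    groups = defaultdict(set)
    for src in hits:
        groups[".".join(src.split(".")[:octets])].add(src)
    return groups

if __name__ == "__main__":
    for src, seen in sorted(dns_probes(SAMPLE).items()):
        print(f"{src}: {len(seen)} probe(s) -> {sorted({d for _, d in seen})}")
```

Grouping by prefix shows that two of the sources in Bryan's logs share 210.182.0.0/16, which a per-host count alone would not reveal.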