Security Incidents mailing list archives
Re: Resurgence of DNS scanning activity
From: John Kinsella <jlk () thrashyour com>
Date: Thu, 30 Aug 2001 10:52:35 -0700
Yep, the DNS scans are definitely picking back up again. Code Red or some variant seems to have woken back up in the last 12 hours or so as well, plus I just saw this one:

xxx.xxx.xxx.xxx - - [30/Aug/2001:10:04:34 -0700] "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.1" 400

It's happened more than once, and it's coming from the same IP that's also doing the normal Code Red thing.

John

On Thu, Aug 30, 2001 at 09:47:47AM -0400, Keith.Morgan wrote:
Is anyone else seeing a resurgence of DNS scans? Or, for the past month+, have we just been dodging the bullet? DNS has been really quiet on our networks for the past couple of months, but over the past two days, we've seen a 90% increase.

New worm? Kids back at school? Just a fluke?

Keith T. Morgan
Chief of Information Security
Terradon Communications
keith.morgan () terradon com
304-755-8291 x142

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
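A log check for the request shape quoted in the reply above (a long run of one filler character followed directly by %u escapes), counted per source address so repeat senders stand out. This is an added example, not part of the original thread; the sample lines, addresses, escape values and thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Access-log shape seen in the post: ip - - [time] "request" status [size]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3})\b')

# 50+ repeats of one character, immediately followed by 4+ %uXXXX escapes.
# Both thresholds are assumptions; tune them against your own traffic.
PADDED_U_RE = re.compile(r'(.)\1{49,}(?:%u[0-9a-fA-F]{4}){4,}')


def suspicious_sources(lines, min_hits=1):
    """Return {ip: hit_count} for sources that sent padded %u requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected shape
        ip, _timestamp, request, _status = m.groups()
        if PADDED_U_RE.search(request):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


# Constructed sample input (documentation addresses, neutral escape values).
PAD = "X" * 120
ESC = "%u4141" * 6
SAMPLE = [
    f'192.0.2.10 - - [30/Aug/2001:10:04:34 -0700] "{PAD}{ESC}=a HTTP/1.1" 400',
    f'192.0.2.10 - - [30/Aug/2001:10:09:02 -0700] "GET /x?{PAD}{ESC}=a HTTP/1.0" 404 205',
    '198.51.100.7 - - [30/Aug/2001:10:05:11 -0700] "GET /index.html HTTP/1.0" 200 1043',
    # A single %u escape in an ordinary query must not be flagged.
    '198.51.100.7 - - [30/Aug/2001:10:06:40 -0700] "GET /search?q=%u00e9 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    # min_hits=2 reports only sources seen "more than once", as in the post.
    for ip, count in suspicious_sources(SAMPLE, min_hits=2).items():
        print(f"{ip}: {count} padded %u requests")
```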