Security Incidents mailing list archives
Re: Strange DNS queries
From: Jason Lewis <jlewis () packetnexus com>
Date: Tue, 29 Nov 2005 21:54:28 -0500
This link has info. http://deluvian.doxpara.com/

Alexander Klimov wrote:

We see some random DNS queries: 209.200.168.66 routinely asks us about

  license.sunncomm2.com
  connected.sonymusic.com
  updates.xcp-aurora.com
  r1x.myz.info
  a.botdot.tk
  brandonsisco.com
  <some-base64-like-here>.deluvian.doxpara.com
  <some-base64-like-here>.<digits-here>.maddns.net

etc. And it looks like we are not the only target: <http://www.google.com/search?q=%22209.200.168.66%22>

There are only a few requests per hour, but this is a steady stream since the beginning of the month (plus there was some portscan with even slower rate).

We can easily block them by firewall, but it is interesting what they actually try to achieve? I know about sonymusic rootkit search, but what about the other sites?