Security Incidents mailing list archives

Re: Large DNS scans from 211.53.208.178


From: sysadmin () SASSPRODUCTIONS COM (Seth Georgion)
Date: Mon, 1 May 2000 01:49:30 -0400


This is very common, especially from Korea, and should be seen as obvious attempts to find Zone Transferable hosts and
should be secured against by disallowing Unauthorized Zone Transfers. Of course anyone who has an even minimal
computer education should be aware that all zone transfers are by nature TCP based and that all DNS Lookups are by
nature UDP based. Thus it would follow that no one, not even the village idiot, would allow TCP 53 through the firewall.

hmmmmmmmmmmm...... ucsd.edu? I guess I see why the recent DoS attacks started at weakly secured university computers. 

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of alann lopes
Sent: Friday, April 28, 2000 7:39 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Large DNS scans from 211.53.208.178

We are seeing substantial scans
of DNS from 211.53.208.178 apparently
from Korea...

Anyone else?

Thank you -- alann

======================================================================
Apr 28 12:23:44 PDT tcp  211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp  211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp  211.53.208.178(4142) ->132.239.242.203(53), 1

Apr 28 15:07:24 PDT tcp  211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp  211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp  211.53.208.178(1960) ->132.239.242.192(53), 1
======================================================================
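
A sweep like the one in the quoted log can be flagged automatically. The following is an added example, not part of either message: it parses lines in the format shown above and reports sources that open TCP/53 connections to several distinct hosts within a short window. The function names, the `min_hosts` and `window` thresholds and the default year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post above; the log format is taken as shown there.
SAMPLE_LOG = """\
Apr 28 12:23:44 PDT tcp  211.53.208.178(4147) ->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp  211.53.208.178(4140) ->132.239.242.202(53), 1
Apr 28 12:23:52 PDT tcp  211.53.208.178(4142) ->132.239.242.203(53), 1

Apr 28 15:07:24 PDT tcp  211.53.208.178(1987) ->132.239.242.206(53), 1
Apr 28 15:07:32 PDT tcp  211.53.208.178(1963) ->132.239.242.195(53), 1
Apr 28 15:07:44 PDT tcp  211.53.208.178(1960) ->132.239.242.192(53), 1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\s*->\s*(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def parse(log, year=2000):
    """Yield (timestamp, proto, src, dst, dport); the log has no year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank separators and unrelated lines are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["proto"], m["src"], m["dst"], int(m["dport"])

def dns_tcp_sweeps(log, min_hosts=3, window=timedelta(minutes=5)):
    """Map each source to its bursts (sorted destination lists) in which it
    opened TCP/53 to at least min_hosts distinct hosts inside one window."""
    by_src = defaultdict(list)
    for ts, proto, src, dst, dport in parse(log):
        if proto == "tcp" and dport == 53:
            by_src[src].append((ts, dst))
    sweeps = defaultdict(list)
    for src, events in by_src.items():
        events.sort()
        burst = [events[0]]
        for ev in events[1:] + [None]:  # None flushes the final burst
            if ev is not None and ev[0] - burst[0][0] <= window:
                burst.append(ev)
                continue
            hosts = sorted({d for _, d in burst})
            if len(hosts) >= min_hosts:
                sweeps[src].append(hosts)
            burst = [ev]
    return dict(sweeps)
```
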

