Security Incidents mailing list archives
Re: Large DNS scans from 211.53.208.178
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Wed, 3 May 2000 12:20:51 +1200
On Tue, 2 May 2000 10:42:49 +0100 Fernando Cardoso <fernando () BN PT> wrote:
Korea is a classic :) These days Brazil is becoming also a must. This weekend we have DNS scans (zone transfers and/or version query) from dial-up accounts in Portugal, Taiwan and Brazil and from a (surely) compromised server in Brazil.
We are seeing some incidents from Brazil but at least they have an active CERT who will help contact sites. http://www.nic.br/ has a link to their secuirty office. I have found them very helpful. The problem with many asian sites is that one or more of the following is often true: 1/ Addresses don't have PTR records (even major ISPs don't) 2/ APNIC records don't have email addresses 3/ If there are email addresses in APNIC then they are out of date 4/ If you can find the domain then they don't have postmaster alias. None of these problems are unique to Asia but they do seem much worse there than in the US, Europe or Australasia. Cheers, Russell.
Current thread:
- Large DNS scans from 211.53.208.178 alann lopes (Apr 28)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (Apr 30)
- Re: Large DNS scans from 211.53.208.178 Richard Stevenson (May 02)
- Re: Large DNS scans from 211.53.208.178 Bryan Seitz (Apr 30)
- Strange 33434/UDP traffic from MS W2k with Active Directory Eugene Taylashev (May 01)
- more weird traceroutes Donald McLachlan (May 02)
- Re: more weird traceroutes Chad Thunberg (May 02)
- <Possible follow-ups>
- Re: Large DNS scans from 211.53.208.178 Fernando Cardoso (May 02)
- Re: Large DNS scans from 211.53.208.178 Russell Fulton (May 02)
- Re: Large DNS scans from 211.53.208.178 Ed Padin (May 02)
- Re: Large DNS scans from 211.53.208.178 Keith McCammon (May 03)
- Re: Large DNS scans from 211.53.208.178 David B. Bukowski (May 03)
- Re: Large DNS scans from 211.53.208.178 sigipp () WELLA COM BR (May 03)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (May 03)
- Re: Large DNS scans from 211.53.208.178 Greg A. Woods (May 08)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (May 03)
- Re: Large DNS scans from 211.53.208.178 Chen, Dave (May 03)
- Re: Large DNS scans from 211.53.208.178 Igor Gashinsky (May 03)
- Re: Large DNS scans from 211.53.208.178 Keith Owens (May 06)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (Apr 30)