Security Incidents mailing list archives

Re: Large DNS scans from 211.53.208.178


From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Wed, 3 May 2000 12:20:51 +1200


On Tue, 2 May 2000 10:42:49 +0100 Fernando Cardoso <fernando () BN PT>
wrote:

Korea is a classic :)

These days Brazil is becoming also a must. This weekend we have DNS
scans (zone transfers and/or version query) from dial-up accounts in
Portugal, Taiwan and Brazil and from a (surely) compromised server in
Brazil.

We are seeing some incidents from Brazil but at least they have an
active CERT who will help contact sites.

http://www.nic.br/

has a link to their security office.  I have found them very helpful.

The problem with many Asian sites is that one or more of the following
is often true:

1/ Addresses don't have PTR records (even major ISPs don't)
2/ APNIC records don't have email addresses
3/ If there are email addresses in APNIC then they are out of date
4/ If you can find the domain then they don't have a postmaster alias.

None of these problems are unique to Asia but they do seem much worse
there than in the US, Europe or Australasia.

Cheers, Russell.

