nanog mailing list archives

Re: DNS scans by IANA


From: bmanning () karoshi com
Date: Fri, 3 Oct 2003 09:54:37 -0700 (PDT)




true enough.   when it first was initiated, back in 1997, it was
an IANA chartered activity.  It is not now, nor ever has been run
on IANA machines.  If you have specific questions, I'd be pleased
to talk about them off-list.

--bill manning
310.322.8102



Hello Andrew,


This is not being done by the IANA or from an IANA machine.

This is something being carried out by epnet, I believe.

John crain




Friday, October 03, 2003


AF> Anyone have any idea why a host from IANA would be scanning DNS servers?

AF> ;; AUTHORITY SECTION:
AF> 4.32.198.in-addr.arpa.  10551   IN      SOA     dot.ip4.int. hostmaster.ip4.int. 1928630 10800 900 604800 86400


AF> 10/03-01:29:45.947001 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33581 -> 63.105.37.21:53
AF> 10/03-01:29:46.257443 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39050 -> 63.105.37.21:53
AF> 10/03-01:29:46.544719 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33623 -> 63.105.37.20:53
AF> 10/03-01:29:47.067072 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39057 -> 63.105.37.20:53
AF> 10/03-01:57:47.356984 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:56229 -> 63.105.37.20:53
AF> 10/03-01:57:47.762762 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:46196 -> 63.105.37.20:53
AF> 10/03-02:01:02.332948 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:36697 -> 63.105.37.20:53
AF> 10/03-02:01:02.739583 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47061 -> 63.105.37.20:53
AF> 10/03-02:01:59.042381 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:39008 -> 63.105.37.20:53
AF> 10/03-02:01:59.455718 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47296 -> 63.105.37.20:53
AF> 10/03-02:05:01.297316 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:46251 -> 63.105.37.20:53
AF> 10/03-02:05:01.710271 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48067 -> 63.105.37.20:53
AF> 10/03-02:05:28.770286 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:47507 -> 63.105.37.20:53
AF> 10/03-02:05:29.326121 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48191 -> 63.105.37.20:53
AF> 10/03-02:05:44.704398 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:48082 -> 63.105.37.20:53
AF> 10/03-02:05:45.755863 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48244 -> 63.105.37.20:53
AF> 10/03-02:10:20.499887 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:57711 -> 63.105.37.20:53
AF> 10/03-02:10:20.906450 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:49232 -> 63.105.37.20:53


