nanog mailing list archives
Re: DNS scans by IANA
From: bmanning () karoshi com
Date: Fri, 3 Oct 2003 09:54:37 -0700 (PDT)
true enough. when it first was initiated, back in 1997, it was an IANA chartered activity. It is not now, nor ever has been run on IANA machines. If you have specific questions, I'd be pleased to talk about them off-list.

--bill manning 310.322.8102
Hello Andrew,

This is not being done by the IANA or from an IANA machine. This is something being carried out by epnet I believe

John crain

Friday, October 03, 2003

AF> Anyone have any idea why a host from IANA would be scanning DNS servers?
AF>
AF> ;; AUTHORITY SECTION:
AF> 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int. hostmaster.ip4.int. 1928630 10800 900 604800 86400
AF>
AF> 10/03-01:29:45.947001 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33581 -> 63.105.37.21:53
AF> 10/03-01:29:46.257443 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39050 -> 63.105.37.21:53
AF> 10/03-01:29:46.544719 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33623 -> 63.105.37.20:53
AF> 10/03-01:29:47.067072 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39057 -> 63.105.37.20:53
AF> 10/03-01:57:47.356984 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:56229 -> 63.105.37.20:53
AF> 10/03-01:57:47.762762 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:46196 -> 63.105.37.20:53
AF> 10/03-02:01:02.332948 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:36697 -> 63.105.37.20:53
AF> 10/03-02:01:02.739583 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47061 -> 63.105.37.20:53
AF> 10/03-02:01:59.042381 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:39008 -> 63.105.37.20:53
AF> 10/03-02:01:59.455718 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47296 -> 63.105.37.20:53
AF> 10/03-02:05:01.297316 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:46251 -> 63.105.37.20:53
AF> 10/03-02:05:01.710271 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48067 -> 63.105.37.20:53
AF> 10/03-02:05:28.770286 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:47507 -> 63.105.37.20:53
AF> 10/03-02:05:29.326121 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48191 -> 63.105.37.20:53
AF> 10/03-02:05:44.704398 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:48082 -> 63.105.37.20:53
AF> 10/03-02:05:45.755863 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48244 -> 63.105.37.20:53
AF> 10/03-02:10:20.499887 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:57711 -> 63.105.37.20:53
AF> 10/03-02:10:20.906450 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:49232 -> 63.105.37.20:53
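
The alert pattern quoted in this thread (a "DNS named version attempt" over UDP followed within about a second by a "DNS zone transfer TCP" from the same source to the same server) can be pulled out of Snort fast-alert logs mechanically. The following is an added example, not part of the original posts: the sample addresses are constructed from documentation ranges, and the function names and the two-second pairing window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert layout as quoted in the thread, with the link debris removed.
ALERT_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
VERSION_SID, AXFR_SID = 1616, 255  # the two signature IDs seen in the thread

# Constructed sample alerts (documentation address ranges, not the thread's data).
SAMPLE = """\
10/03-01:29:45.947001 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.13:33581 -> 198.51.100.21:53
10/03-01:29:46.257443 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.13:39050 -> 198.51.100.21:53
10/03-01:29:46.544719 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.13:33623 -> 198.51.100.20:53
10/03-01:29:47.067072 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.13:39057 -> 198.51.100.20:53
10/03-01:57:47.356984 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.13:56229 -> 198.51.100.20:53
10/03-01:57:47.762762 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.13:46196 -> 198.51.100.20:53
10/03-03:00:00.000001 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 203.0.113.7:40000 -> 198.51.100.20:53
this line is not an alert and is skipped
"""

def parse_alerts(text, year=2003):
    """Yield one dict per fast-alert line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        a = m.groupdict()
        # Fast alerts carry no year, so the caller supplies one.
        a["ts"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        a["sid"] = int(a["sid"])
        yield a

def survey_pairs(alerts, window=timedelta(seconds=2)):
    """Count version-query + zone-transfer pairs per (src, dst) inside `window`."""
    last_version, pairs = {}, {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["src"], a["dst"])
        if a["sid"] == VERSION_SID:
            last_version[key] = a["ts"]
        elif a["sid"] == AXFR_SID and key in last_version:
            # Each version query is consumed by at most one transfer attempt.
            if a["ts"] - last_version.pop(key) <= window:
                pairs[key] = pairs.get(key, 0) + 1
    return pairs
```

A source that produces the pair repeatedly against several name servers looks like an automated survey rather than a stray query, which is the distinction the replies in this thread turn on.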