nanog mailing list archives
DNS scans by IANA
From: Andrew Fried <afried () cis fed gov>
Date: Fri, 03 Oct 2003 09:25:16 -0400
Anyone have any idea why a host from IANA would be scanning DNS servers? ;; AUTHORITY SECTION:4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int. hostmaster.ip4.int. 1928630 10800 900 604800 86400
10/03-01:29:45.947001 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:29:46.257443 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-01:29:46.544719 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:29:47.067072 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-01:57:47.356984 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:57:47.762762 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:01:02.332948 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:01:02.739583 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:01:59.042381 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:01:59.455718 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:01.297316 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:01.710271 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:28.770286 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:29.326121 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:44.704398 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:45.755863 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:10:20.499887 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:10:20.906450 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
Current thread:
- DNS scans by IANA Andrew Fried (Oct 03)
- Re: DNS scans by IANA Jared Mauch (Oct 03)
- Re: DNS scans by IANA bmanning (Oct 03)
- Re: DNS scans by IANA John L Crain (Oct 03)
- Re: DNS scans by IANA bmanning (Oct 03)
- Re: DNS scans by IANA Jared Mauch (Oct 03)