Re: Large number of DNS probes in last 24 hours

[Michael Still <mikal () stillhq com>]

Jim Wise wrote:
> On Fri, 30 May 2008, Michael Still wrote:

> > I have seen PlanetLab experiments doing this. What are the originating
> > IP addresses?
>
> Three observed source addresses
>
>       208.78.169.237
>       204.11.51.62
>       194.199.24.101
>
> Source ports are high and non-repeating.  Other than the domain root, 
> A-record queries for "google.com" and for hostnames which appear to be 
> on the same subnet as the querying host.

Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't
the case here, so I guess it is something more malicious.

Mikal