nanog mailing list archives
Re: Large number of DNS probes in last 24 hours
From: Jim Wise <jwise () draga com>
Date: Sat, 31 May 2008 00:34:31 -0400 (EDT)
On Fri, 30 May 2008, Michael Still wrote:

> Jim Wise wrote:
>
>> I've seen a surprising number of attempted recursive DNS requests against unpublished non-recursive DNS servers in the last 24 hours or so, many of them obviously probes of some sort (query for "." IN NS, eg).
>>
>> Is anyone else seeing this? Is it new? Or did some botnet just reach this corner of the IP space?
>
> I have seen PlanetLab experiments doing this. What are the originating IP addresses?

Three observed source addresses

    208.78.169.237
    204.11.51.62
    194.199.24.101

Source ports are high and non-repeating. Other than the domain root, A-record queries for "google.com" and for hostnames which appear to be on the same subnet as the querying host.

--
Jim Wise
jwise () draga com