[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Large number of DNS probes in last 24 hours

Subject: Large number of DNS probes in last 24 hours
From: mikal at stillhq.com (Michael Still)
Date: Mon, 02 Jun 2008 15:36:54 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

Jim Wise wrote:
> On Fri, 30 May 2008, Michael Still wrote:

>> I have seen PlanetLab experiments doing this. What are the originating
>> IP addresses?
> 
> Three observed source addresses
> 
> 	208.78.169.237
> 	204.11.51.62
> 	194.199.24.101
> 
> Source ports are high and non-repeating.  Other than the domain root, 
> A-record queries for "google.com" and for hostnames which appear to be 
> on the same subnet as the querying host.

Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't
the case here, so I guess it is something more malicious.

Mikal

Prev by Date: NANOG NYC Event
Next by Date: Network trend and right planning
Previous by thread: OLD root server IP addresses through history
Next by thread: Network trend and right planning
Index(es):
- Date
- Thread