Re: Weird DNS scans

From: Ryan Russell (ryanat_private)
Date: Fri Oct 05 2001 - 09:30:56 PDT

  • Next message: Richard Smith: "Re: Weird DNS scans"

    On Fri, 5 Oct 2001, Seth Milder wrote:
    
    > I am getting a ton of DNS scans from what seem to be all BSDI machines
    > and all from China (so far). They are also *all* running
    >
    <SNIP>
    > Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer
    
    There's you answer right there.  They're F5 BigIP boxes.  when you visit a
    site that uses them, they do some DNS queries to determine which of their
    servers you're closest to.
    
    					Ryan
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:47:58 PDT