Re: Weird DNS scans

From: Ryan Russell (ryanat_private)
Date: Fri Oct 05 2001 - 09:30:56 PDT

Next message: Richard Smith: "Re: Weird DNS scans"

Previous message: foobat_private: "Re: SHELLCODE x86 NOOP"
In reply to: Seth Milder: "Weird DNS scans"
Next in thread: Richard Smith: "Re: Weird DNS scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 5 Oct 2001, Seth Milder wrote:

> I am getting a ton of DNS scans from what seem to be all BSDI machines
> and all from China (so far). They are also *all* running
>
<SNIP>
> Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer

There's you answer right there.  They're F5 BigIP boxes.  when you visit a
site that uses them, they do some DNS queries to determine which of their
servers you're closest to.

					Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Richard Smith: "Re: Weird DNS scans"
Previous message: foobat_private: "Re: SHELLCODE x86 NOOP"
In reply to: Seth Milder: "Weird DNS scans"
Next in thread: Richard Smith: "Re: Weird DNS scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:47:58 PDT