Re: Weird DNS scans

From: Ryan Russell (ryanat_private)
Date: Fri Oct 05 2001 - 09:30:56 PDT

  • Next message: Richard Smith: "Re: Weird DNS scans"

    On Fri, 5 Oct 2001, Seth Milder wrote:
    > I am getting a ton of DNS scans from what seem to be all BSDI machines
    > and all from China (so far). They are also *all* running
    > Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer
    There's you answer right there.  They're F5 BigIP boxes.  when you visit a
    site that uses them, they do some DNS queries to determine which of their
    servers you're closest to.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:47:58 PDT