On Fri, Jan 11, 2002 at 07:47:17PM +0100, Richard Arends wrote: > On 11 Jan 2002, Jerry Perser wrote: > > > Here are the 19 ip addresses: > > > > 128.121.10.146 128.242.105.34 > > 129.250.244.10 193.148.15.128 194.205.125.26 194.213.64.150 > > 202.139.133.129 203.194.166.182 203.81.45.254 216.220.39.42 > > 216.33.35.214 > > 216.34.68.2 216.35.167.58 62.23.80.2 62.26.119.34 > > 64.14.200.154 64.37.200.46 64.56.174.186 64.78.235.14 > > I'm getting scans for port 53 from the same ip's ! > and tracking system please see: http://aris.securityfocus.com Apologies for adding another "me too", but there's a thread in comp.security.firewalls, subject "Misconfigured DNS, firewall too tight or (spoofed?) attack?", discussing the same thing. I'd be interested to know what is causing this traffic, my guess in that Usenet thread was that the person receiving these packets was a fake source for DNS scanning - but that is, of course, wrong. -- Nick Drage - Security Architecture - Demon Internet "A lonely voice Echoing through the wilderness Request Timed Out" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 10:02:39 PST