Large number of DNS probes in last 24 hours

I've seen a surprising number of attempted recursive DNS requests
against unpublished non-recursive DNS servers in the last 24 hours or
so, many of them obviously probes of some sort (query for "." IN NS,
e.g.).

Is anyone else seeing this? Is it new? Or did some botnet just reach
this corner of the IP space?

--
        Jim Wise
        jwise@draga.com

Jim Wise wrote:

I've seen a surprising number of attempted recursive DNS requests against unpublished non-recursive DNS servers in the last 24 hours or so, many of them obviously probes of some sort (query for "." IN NS, e.g.).

Is anyone else seeing this? Is it new? Or did some botnet just reach this corner of the IP space?

Yes, no, and yes. I've seen this sort of thing severe enough that I simply took the servers down for a day (yes, really), even considering the severe inconvenience that caused.

I have seen this as well on my fringe IP-space networks. Just a botnet or two running along the range. A cost of doing business :\

John Menerick
http://icehax.us

Jim Wise wrote:

I've seen a surprising number of attempted recursive DNS requests
against unpublished non-recursive DNS servers in the last 24 hours or
so, many of them obviously probes of some sort (query for "." IN NS,
e.g.).

Is anyone else seeing this? Is it new? Or did some botnet just reach
this corner of the IP space?

I have seen PlanetLab experiments doing this. What are the originating
IP addresses?

Mikal

Three observed source addresses

  208.78.169.237
  204.11.51.62
  194.199.24.101

Source ports are high and non-repeating. Other than the domain root,
A-record queries for "google.com" and for hostnames which appear to be
on the same subnet as the querying host.

--
        Jim Wise
        jwise@draga.com
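
As an added example (not part of the thread and not any poster's code): a Python classifier that decodes a DNS query's header and first question and labels the pattern described above, namely root NS queries and recursion-desired queries for names outside the zones a non-recursive server hosts. The zone `example.net.` and all function names are assumptions, and the sample packets are constructed.

```python
import struct

def parse_query(packet: bytes):
    """Return (rd, qname, qtype) for the first question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set means a response
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:                        # zero-length root label ends the name
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")      # also rejects compression pointers
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return bool(flags & 0x0100), ".".join(labels) + ".", qtype   # 0x0100 = RD

def classify(packet: bytes, served_zones):
    """Label a query as seen by an authoritative-only server."""
    rd, qname, qtype = parse_query(packet)
    if any(qname == z or qname.endswith("." + z) for z in served_zones):
        return "in-zone"
    if qname == "." and qtype == 2:            # QTYPE 2 = NS
        return "root-ns-probe"
    return "out-of-zone-recursive" if rd else "out-of-zone"

def build_query(name: str, qtype: int, rd: bool = True) -> bytes:
    """Build a constructed sample query packet (one question, class IN)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100 if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    zones = ["example.net."]                   # assumed zone hosted by the server
    for name, qtype in ((".", 2), ("google.com", 1), ("www.example.net", 1)):
        print(name, classify(build_query(name, qtype), zones))
```
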

Jim Wise wrote: