DNS scans by IANA
Andrew Fried
afried at cis.fed.gov
Fri Oct 3 13:25:16 UTC 2003
Anyone have any idea why a host from IANA would be scanning DNS servers?
;; AUTHORITY SECTION:
4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int.
hostmaster.ip4.int. 1928630 10800 900 604800 86400
10/03-01:29:45.947001 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-01:29:46.257443 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-01:29:46.544719 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-01:29:47.067072 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-01:57:47.356984 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-01:57:47.762762 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:01:02.332948 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:01:02.739583 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:01:59.042381 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:01:59.455718 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:05:01.297316 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:05:01.710271 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:05:28.770286 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:05:29.326121 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:05:44.704398 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:05:45.755863 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
10/03-02:10:20.499887 [**] [1:1616:4]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
version attempt [**] [Classification: Attempted Information Leak]
[Priority: 2] {UDP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
10/03-02:10:20.906450 [**] [1:255:8]
<http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
2] {TCP}
<http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232
->
<http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031003/4d524480/attachment.html>
More information about the NANOG
mailing list