DNS scans by IANA
John L Crain
crain at icann.org
Fri Oct 3 16:44:50 UTC 2003
Hello Andrew,
This is not being done by the IANA or from an IANA machine.
This is something being carried out by epnet I believe
John crain
Friday, October 03, 2003
AF> Anyone have any idea why a host from IANA would be scanning DNS servers?
AF> ;; AUTHORITY SECTION:
AF> 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int.
AF> hostmaster.ip4.int. 1928630 10800 900 604800 86400
AF> 10/03-01:29:45.947001 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-01:29:46.257443 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-01:29:46.544719 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-01:29:47.067072 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-01:57:47.356984 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-01:57:47.762762 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:01:02.332948 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:01:02.739583 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:01:59.042381 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:01:59.455718 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:05:01.297316 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:05:01.710271 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:05:28.770286 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:05:29.326121 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:05:44.704398 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:05:45.755863 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
AF> 10/03-02:10:20.499887 [**] [1:1616:4]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named
AF> version attempt [**] [Classification: Attempted Information Leak]
AF> [Priority: 2] {UDP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53
AF> 10/03-02:10:20.906450 [**] [1:255:8]
AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone
AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority:
AF> 2] {TCP}
AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232
->>
AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
More information about the NANOG
mailing list