DNS scans by IANA
bmanning at karoshi.com
Fri Oct 3 16:54:37 UTC 2003
True enough. When it first was initiated, back in 1997, it was
an IANA chartered activity. It is not now, nor ever has been run
on IANA machines. If you have specific questions, I'd be pleased
to talk about them off-list.
--bill manning
310.322.8102
>
>
> Hello Andrew,
>
>
> This is not being done by the IANA or from an IANA machine.
>
> This is something being carried out by epnet, I believe.
>
> John Crain
>
>
>
>
> Friday, October 03, 2003
>
>
> AF> Anyone have any idea why a host from IANA would be scanning DNS servers?
>
> AF> ;; AUTHORITY SECTION:
> AF> 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int.
> AF> hostmaster.ip4.int. 1928630 10800 900 604800 86400
>
>
> AF> 10/03-01:29:45.947001 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33581 -> 63.105.37.21:53
> AF> 10/03-01:29:46.257443 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39050 -> 63.105.37.21:53
> AF> 10/03-01:29:46.544719 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:33623 -> 63.105.37.20:53
> AF> 10/03-01:29:47.067072 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:39057 -> 63.105.37.20:53
> AF> 10/03-01:57:47.356984 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:56229 -> 63.105.37.20:53
> AF> 10/03-01:57:47.762762 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:46196 -> 63.105.37.20:53
> AF> 10/03-02:01:02.332948 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:36697 -> 63.105.37.20:53
> AF> 10/03-02:01:02.739583 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47061 -> 63.105.37.20:53
> AF> 10/03-02:01:59.042381 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:39008 -> 63.105.37.20:53
> AF> 10/03-02:01:59.455718 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:47296 -> 63.105.37.20:53
> AF> 10/03-02:05:01.297316 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:46251 -> 63.105.37.20:53
> AF> 10/03-02:05:01.710271 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48067 -> 63.105.37.20:53
> AF> 10/03-02:05:28.770286 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:47507 -> 63.105.37.20:53
> AF> 10/03-02:05:29.326121 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48191 -> 63.105.37.20:53
> AF> 10/03-02:05:44.704398 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:48082 -> 63.105.37.20:53
> AF> 10/03-02:05:45.755863 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:48244 -> 63.105.37.20:53
> AF> 10/03-02:10:20.499887 [**] [1:1616:4] DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 198.32.4.13:57711 -> 63.105.37.20:53
> AF> 10/03-02:10:20.906450 [**] [1:255:8] DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.32.4.13:49232 -> 63.105.37.20:53
>