Large number of DNS probes in last 24 hours
mikal at stillhq.com
Mon Jun 2 17:36:54 CDT 2008
Jim Wise wrote:
> On Fri, 30 May 2008, Michael Still wrote:
>> I have seen PlanetLab experiments doing this. What are the originating
>> IP addresses?
> Three observed source addresses
> Source ports are high and non-repeating. Other than the domain root,
> A-record queries for "google.com" and for hostnames which appear to be
> on the same subnet as the querying host.
Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't
the case here, so I guess it is something more malicious.
More information about the NANOG