Large number of DNS probes in last 24 hours

• Previous message (by thread): OLD root server IP addresses through history
• Next message (by thread): Network trend and right planning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Wise wrote:
> On Fri, 30 May 2008, Michael Still wrote:

>> I have seen PlanetLab experiments doing this. What are the originating
>> IP addresses?
> 
> Three observed source addresses
> 
> 	208.78.169.237
> 	204.11.51.62
> 	194.199.24.101
> 
> Source ports are high and non-repeating.  Other than the domain root, 
> A-record queries for "google.com" and for hostnames which appear to be 
> on the same subnet as the querying host.

Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't
the case here, so I guess it is something more malicious.

Mikal

• Previous message (by thread): OLD root server IP addresses through history
• Next message (by thread): Network trend and right planning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]