[nsp-sec] Suspicious DNS Activity
Dave Monnier
dmonnier at cymru.com
Wed Jul 30 13:17:52 EDT 2008
White, Gerard wrote:
| ----------- nsp-security Confidential --------
|
| Greetings.
|
| The following source is doing a continuous, repetitive Type 255
| (Request all records) request to the tune of 10-30 QPS on some of
| our patched servers:
|
| AS | IP | AS Name
| 25535 | 194.85.88.199 | ASN-RUCENTER-HOSTING Hosting Traffic exchange
|
| GW
| 855 - Bell Aliant
Hi Gerard,
We don't have a ton of extra info on this. It looks to be a Solaris box
and has had the RR kaztoday.ru pointed at it as recently as earlier today.
Cheers,
-Dave
--
Dave Monnier, Senior Systems Engineer, Team Cymru
http://www.cymru.com/ | +1 312 924 4042 | dmonnier at cymru.com