[nsp-sec] Romanian IP's being DNS-bad, botnet/spamnet controllers?
Chris Morrow
morrowc at ops-netman.net
Tue Jan 6 17:30:31 EST 2009
Howdy, would anyone else that runs largeish dns clusters have
information about:
78.96.154.147
193.226.19.74
86.120.67.249
These 3 ips seem to REALLY like to hammer dns servers for MX (only
actually) queries... they seem to be talking to the 'right' DNS
servers (my dns servers when doing MX lookups for my domains). I
don't see anything odd in their origin ASN, CBL, spamhaus (aside from
some PBL listings which dont' seem to apply here). Are these ips known
to anyone else as having done boatloads of DNS lookups? I remember
someone else in the content-game asking this recently, but I can't
recall whom that was :(
-Chris
(google-security-person)
More information about the nsp-security
mailing list