[nsp-sec] Romanian IP's being DNS-bad, botnet/spamnet controllers?
Chris Morrow
morrowc at ops-netman.net
Tue Jan 6 17:39:30 EST 2009
On Jan 6, 2009, at 5:30 PM, Chris Morrow wrote:
> ----------- nsp-security Confidential --------
>
> Howdy, would anyone else that runs largeish dns clusters have
> information about:
>
> 78.96.154.147
> 193.226.19.74
> 86.120.67.249
>
and 89.114.153.236 for whatever reason...
> These 3 ips seem to REALLY like to hammer dns servers for MX (only
> actually) queries... they seem to be talking to the 'right' DNS
> servers (my dns servers when doing MX lookups for my domains). I
> don't see anything odd in their origin ASN, CBL, spamhaus (aside
> from some PBL listings which don't seem to apply here). Are these
> ips known to anyone else as having done boatloads of DNS lookups? I
> remember someone else in the content-game asking this recently, but
> I can't recall whom that was :(
>
> -Chris
> (google-security-person)
>
>
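An added example, not part of the original message or any poster's tooling: one way to surface the pattern described above (clients sending large volumes of MX-only queries) from an authoritative server's query log. It assumes BIND 9 style querylog lines; the thresholds, function names and sample lines are constructed for illustration and use documentation addresses, not the IPs from the thread.

```python
import re
from collections import Counter, defaultdict

# Assumed input: BIND 9 style querylog lines
# ("client IP#port: query: name class type flags").
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+)"
)

def qtype_counts(lines):
    """Return {client_ip: Counter({qtype: n})}, skipping lines that do not parse."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            per_client[m.group("ip")][m.group("qtype").upper()] += 1
    return per_client

def mx_heavy_clients(lines, min_queries=100, min_mx_share=0.95):
    """Clients with >= min_queries queries of which >= min_mx_share are MX.

    Both thresholds are illustrative; tune them against normal traffic.
    Returns (ip, total, mx_share) tuples sorted by total, descending.
    """
    hits = []
    for ip, counts in qtype_counts(lines).items():
        total = sum(counts.values())
        share = counts["MX"] / total
        if total >= min_queries and share >= min_mx_share:
            hits.append((ip, total, share))
    return sorted(hits, key=lambda h: h[1], reverse=True)

def constructed_sample():
    """Constructed log lines (documentation addresses, not data from the thread)."""
    ts = "06-Jan-2009 17:30:00.000"
    lines = [f"{ts} client 192.0.2.10#{40000 + i}: query: d{i % 7}.example.com IN MX -"
             for i in range(300)]                       # MX-only, high volume
    for i in range(200):                                # mixed query types
        qt = ("A", "AAAA", "MX", "TXT")[i % 4]
        lines.append(f"{ts} client 198.51.100.5#{50000 + i}: query: www.example.net IN {qt} +")
    lines += [f"{ts} client 203.0.113.9#5353: query: example.org IN MX -"] * 3  # MX-only, low volume
    lines.append(f"{ts} general: info: zone example.com/IN: loaded")           # non-query line
    return lines

if __name__ == "__main__":
    for ip, total, share in mx_heavy_clients(constructed_sample()):
        print(f"{ip}\t{total} queries\t{share:.0%} MX")
```

Requiring both a volume floor and a high MX share keeps ordinary mail servers (few MX lookups) and busy recursive resolvers (mixed query types) out of the result.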