Re: Strange DNS queries
- From: Jason Lewis <jlewis@xxxxxxxxxxxxxxx>
- Date: Fri, 02 Dec 2005 17:05:37 -0500
I am totally amazed at the number of email bounces I received from my single post to the list. I hardly post to large mailing lists anymore because I spend the next week deleting bounces.
A lot of lists have moved to trolling for bounces, is anyone doing that for this list?
Jason Lewis wrote:
This link has info.
http://deluvian.doxpara.com/
Alexander Klimov wrote:
We see some random DNS queries: 209.200.168.66 routinely asks us about

  license.sunncomm2.com
  connected.sonymusic.com
  updates.xcp-aurora.com
  r1x.myz.info
  a.botdot.tk
  brandonsisco.com
  <some-base64-like-here>.deluvian.doxpara.com
  <some-base64-like-here>.<digits-here>.maddns.net
  etc.
And it looks like we are not the only target: <http://www.google.com/search?q=%22209.200.168.66%22>
There are only a few requests per hour, but this has been a steady stream since the beginning of the month (plus there was some portscan with an even slower rate). We can easily block them by firewall, but it is interesting what they actually try to achieve?
I know about sonymusic rootkit search, but what about the other sites?