OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
DNS probe sources

From: Roger Marquis (marquisroble.com)
Date: Thu Jul 30 2009 - 09:58:17 CDT


These source addresses are likely spoofed, but am still curious whether
other FreeBSD admins saw a preponderance of DNS probes originating from
Microsoft corp subnets ahead of the recent ISC bind vulnerability
announcement?

Roger Marquis

  Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37973: query (cache) 'output.txt/A/IN' denied
  Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37959: query (cache) '>/A/IN' denied
  ...
  Jul 27 23:24:47 PDT named[...]: client 94.245.67.253#55561: query (cache) 'output.txt/A/IN' denied
  Jul 27 23:24:32 PDT named[...]: client 94.245.67.253#55354: query (cache) '>/A/IN' denied
  Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17255: query (cache) 'output.txt/A/IN' denied
  Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17242: query (cache) '>/A/IN' denied
  ...
  Jul 24 07:21:22 PDT named[...]: client 94.245.67.253#15828: query (cache) 'output.txt/A/IN' denied
  Jul 24 07:21:07 PDT named[...]: client 94.245.67.253#15637: query (cache) '>/A/IN' denied
  Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59717: query (cache) 'output.txt/A/IN' denied
  Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59707: query (cache) '>/A/IN' denied
  ...
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"