Strange DNS queries

From: Alexander Klimov (alserkliinbox.ru)
Date: Tue Nov 29 2005 - 06:08:26 CST


We see some random DNS queries: 209.200.168.66 routinely asks us about

license.sunncomm2.com
connected.sonymusic.com
updates.xcp-aurora.com
r1x.myz.info
a.botdot.tk
brandonsisco.com
<some-base64-like-here>.deluvian.doxpara.com
<some-base64-like-here>.<digits-here>.maddns.net
etc.

And it looks like we are not the only target:
<http://www.google.com/search?q=%22209.200.168.66%22>

There are only a few requests per hour, but this is a steady stream
since the beginning of the month (plus there was some portscan with
an even slower rate). We can easily block them by firewall, but it is
interesting what they actually try to achieve?

I know about sonymusic rootkit search, but what about the other sites?

--
Regards,
ASK