Re: Strange DNS queries

From: Jason Lewis (jlewispacketnexus.com)
Date: Tue Nov 29 2005 - 20:54:28 CST


This link has info.

http://deluvian.doxpara.com/

Alexander Klimov wrote:
> We see some random DNS queries: 209.200.168.66 routinely asks us about
>
> license.sunncomm2.com
> connected.sonymusic.com
> updates.xcp-aurora.com
> r1x.myz.info
> a.botdot.tk
> brandonsisco.com
> <some-base64-like-here>.deluvian.doxpara.com
> <some-base64-like-here>.<digits-here>.maddns.net
> etc.
>
> And it looks like we are not the only target:
> <http://www.google.com/search?q=%22209.200.168.66%22>
>
> There are only a few requests per hour, but this is a steady stream
> since the beginning of the month (plus there was some portscan with
> an even slower rate). We can easily block them by firewall, but it is
> interesting what they actually try to achieve?
>
> I know about sonymusic rootkit search, but what about the other sites?
>