Is Muddleworks scanning your DNS too?
Pete Ehlke
pde at ehlke.net
Wed Nov 27 16:44:39 UTC 2002
On Wed, Nov 27, 2002 at 06:43:01AM -0800, Baby Peanut wrote:
>
> We have a few Internet nameservers on different networks hosting
> different zones. We get scanned by 207.5.180.138. It walks through
> PTR queries incrementing the last octet from 0 to 255 regardless of
> the rest of the address.
>
> Does it happen to your servers too?
>
> Who is Muddleworks and what do they do?
>
> $ whois -a 207.5.180.138
> Great Works Internet GWI-BLK-1 (NET-207-5-128-0-1)
> 207.5.128.0 - 207.5.255.255
> Muddleworks GWI-MUDDLEWORKS-BLK-1 (NET-207-5-180-0-1)
> 207.5.180.0 - 207.5.180.255
>
I've seen this, too. They seem to be building some sort of local
database of the in-addr.arpa tree, for what purpose I'm not sure.
I'm Cc-ing muddleworks on this message. Folks, walking the in-addr.arpa
tree like this can be seen as hostile. An explanation posted to
bind-users at isc.org and a (conspicuously linked) page on your web server
would probably be a very good PR move...
-Pete
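
Added example, not part of the original message or the list archive: a sketch of how a nameserver operator could flag the pattern described above (one client sending PTR queries whose last octet climbs from 0 to 255 within a /24) from query logs. The log line shape (BIND 9 querylog style), the function names, the `min_run` threshold and every address in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed BIND 9 querylog shape: "... client [@0x..] IP#port ...: query: NAME IN PTR ..."
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-f.:]+)#\d+.*?query: (?P<name>\S+) IN PTR",
    re.IGNORECASE)
# d.c.b.a.in-addr.arpa is the reverse name for IPv4 address a.b.c.d
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$",
                    re.IGNORECASE)

def find_ptr_walkers(lines, min_run=32):
    """Return {(client, /24): longest run of last octets rising by one}.

    Runs are tracked per client and per /24, so other clients' queries
    interleaved in the log do not break a walker's run. min_run is an
    assumed threshold; tune it against your own resolver traffic.
    """
    last, run, best = {}, defaultdict(int), {}
    for line in lines:
        q = QUERY_RE.search(line)
        p = PTR_RE.match(q.group("name")) if q else None
        if not p:
            continue  # not a PTR query for a full IPv4 reverse name
        d, c, b, a = (int(x) for x in p.groups())
        if max(a, b, c, d) > 255:
            continue
        key = (q.group("src"), f"{a}.{b}.{c}.0/24")
        run[key] = run[key] + 1 if last.get(key) == d - 1 else 1
        last[key] = d
        best[key] = max(best.get(key, 0), run[key])
    return {k: v for k, v in best.items() if v >= min_run}

def sample_log():
    """Constructed sample lines using documentation addresses, not real traffic."""
    fmt = "01-Jan-2000 00:00:00.000 client {}#1045: query: {} IN {}"
    walker = [fmt.format("198.51.100.7", f"{i}.2.0.192.in-addr.arpa", "PTR")
              for i in range(256)]
    normal = [fmt.format("203.0.113.9", name, qtype) for name, qtype in [
        ("25.2.0.192.in-addr.arpa", "PTR"), ("www.example.com", "A"),
        ("7.2.0.192.in-addr.arpa", "PTR"), ("8.2.0.192.in-addr.arpa", "PTR")]]
    # Interleave the ordinary resolver's queries into the middle of the walk.
    return walker[:100] + normal + walker[100:]

if __name__ == "__main__":
    for (src, net), length in find_ptr_walkers(sample_log()).items():
        print(f"{src} walked {length} consecutive PTR names in {net}")
```

A client that trips this check across many unrelated /24s in the same period matches the "regardless of the rest of the address" behaviour in the quoted report.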