isc and other hosts connecting to my NS
Kevin Darcy
kcd at chrysler.com
Wed Oct 8 00:56:49 UTC 2008
Jeremy C. Reed wrote:
> On Tue, 7 Oct 2008, Kevin Darcy wrote:
>
>
>>> Look at the http:// website at the IP in the original email and then look
>>> at the links at the bottom of that same webpage for even more details.
>>>
>>>
>> You mean, the web page that you have to access via an embedded-IP URL,
>> that talks mainly about a DNS scan in 2005, originating from the
>> 209.200.133.224/27 netblock?
>>
>
> The webpage I saw today has recent details (and is not from ISC).
>
The most recent DNS-specific reference I see on that webpage is to a
"small DNS scan" (12-Apr-2008) and claims to only be hitting "known DNS
servers", whatever that means.
The main DNS scan mentioned on the webpage supposedly occurred in 2005.
No indications are given that the scans are continuing indefinitely.
The IP address of the scanner is in ISC's netblock, and ISC controls the
reverse DNS.
Frankly, I think this is bordering on anti-social. It smells like
someone left the scanning tool on autopilot and couldn't be bothered
publishing reverse DNS for the scanner address or keeping the website
updated.
- Kevin
More information about the bind-users
mailing list