|
Security Incidents
mailing list archives
Re: Weird DNS scans
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 5 Oct 2001 10:30:56 -0600 (MDT)
On Fri, 5 Oct 2001, Seth Milder wrote:
I am getting a ton of DNS scans from what seem to be all BSDI machines
and all from China (so far). They are also *all* running
<SNIP>
Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer
There's you answer right there. They're F5 BigIP boxes. when you visit a
site that uses them, they do some DNS queries to determine which of their
servers you're closest to.
Ryan
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Weird DNS scans Seth Milder (Oct 05)
- Re: Weird DNS scans Ryan Russell (Oct 05)
| 
Intro
