Security Incidents: Strange DNS queries

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Strange DNS queries

From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 29 Nov 2005 14:08:26 +0200 (IST)

We see some random DNS queries: 209.200.168.66 routinely asks us about

license.sunncomm2.com
connected.sonymusic.com
updates.xcp-aurora.com
r1x.myz.info
a.botdot.tk
brandonsisco.com
<some-base64-like-here>.deluvian.doxpara.com
<some-base64-like-here>.<digits-here>.maddns.net
etc.

And it looks like we are not the only target:
<http://www.google.com/search?q=%22209.200.168.66%22>

There are only few requests per hour, but this is a steady stream
since the beginning of the month (plus there was some portscan with
even slower rate).  We can easily block them by firewall, but it is
interesting what they actually try to acheive?

I know about sonymusic rootkit search, but what about the other sites?

-- 
Regards,
ASK

By Date By Thread

Current thread:

Strange DNS queries Alexander Klimov (Nov 29)
- Re: Strange DNS queries Byron Sonne (Nov 30)
- Re: Strange DNS queries Jason Lewis (Nov 30)
- Re: Strange DNS queries Felix Gröbert (Nov 30)
- <Possible follow-ups>
- Re: Strange DNS queries webadmin (Nov 30)
- Re: Re: Strange DNS queries webadmin (Nov 30)