Security Incidents mailing list archives

Re: Strange DNS queries
From: Jason Lewis <jlewis () packetnexus com>
Date: Tue, 29 Nov 2005 21:54:28 -0500

This link has info.

http://deluvian.doxpara.com/


Alexander Klimov wrote:
We see some random DNS queries: 209.200.168.66 routinely asks us about

license.sunncomm2.com
connected.sonymusic.com
updates.xcp-aurora.com
r1x.myz.info
a.botdot.tk
brandonsisco.com
<some-base64-like-here>.deluvian.doxpara.com
<some-base64-like-here>.<digits-here>.maddns.net
etc.

And it looks like we are not the only target:
<http://www.google.com/search?q=%22209.200.168.66%22>

There are only a few requests per hour, but this is a steady stream
since the beginning of the month (plus there was some portscan with
an even slower rate).  We can easily block them by firewall, but it is
interesting what they actually try to achieve?

I know about sonymusic rootkit search, but what about the other sites?


