Security Incidents mailing list archives
Re: Large DNS scans from 211.53.208.178
From: epadin () WAGWEB COM (Ed Padin)
Date: Tue, 2 May 2000 18:45:22 -0400
It seems that a lot of crap is coming from Korea. I see a lot of attempts to TCP port 109... Which is kinda silly. There was discussion on this earlier. It seems that blocking all of Korea (and Demon Internet in the UK?) might be a good idea. I think that the Koreans have been hit hard by viruses/trojans lately. This stuff is probably coming from compromised systems. Does anyone know where I can find a list that shows IP addresses and countries/location? I'm starting to think that I may want to start blocking access from whole address ranges to certain of my servers. There are some places on the globe with which we do no business at all. Thanks.
-----Original Message-----
From: Bryan Seitz [mailto:seitz () CARTMAN EE UDEL EDU]
Sent: Monday, May 01, 2000 2:07 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Large DNS scans from 211.53.208.178

On Fri, 28 Apr 2000, alann lopes wrote:

We are seeing substantial scans of DNS from 211.53.208.178 apparently from Korea... Anyone else? Thank you -- alann
======================================================================
Apr 28 12:23:44 PDT tcp 211.53.208.178(4147)->132.239.242.207(53), 1
Apr 28 12:23:46 PDT tcp 211.53.208.178(4140)
snip
Apr 28 15:07:44 PDT tcp 211.53.208.178(1960)->132.239.242.192(53), 1
======================================================================

Not from that specific host, but from .kr yes...

Apr 21 15:00:38 cartman /kernel: ipfw: 3500 Deny TCP 210.182.140.145:4993 128.175.200.41:53 in via xl0
Apr 28 18:02:21 cartman /kernel: ipfw: 3500 Deny TCP 210.182.66.3:1436 128.175.200.41:53 in via xl0
snip