Security Incidents mailing list archives
Re: Large DNS scans from 211.53.208.178
From: Dave_Chen () ACML COM (Chen, Dave)
Date: Wed, 3 May 2000 12:26:07 -0400
Let us not classify scans by country. IMHO, anyone who is doing a scan is hostile, be it from a foreign country or my back yard. It is like someone trying your door to see if it is lock, but no one should have any business to check the lock of my door unless I authorize it. Granted it is not a high level risk, but any scan of your system is an alert that requires your attention. Dave Chen Alliance Capital ---------------------- Forwarded by Dave Chen/New York/ACMC on 05/03/2000 12:18 PM --------------------------- Fernando Cardoso <fernando () BN PT> on 05/02/2000 05:42:49 AM Please respond to Fernando Cardoso <fernando () BN PT> To: INCIDENTS () SECURITYFOCUS COM cc: (bcc: Dave Chen/New York/ACMC) Subject: Re: Large DNS scans from 211.53.208.178 Korea is a classic :) These days Brazil is becoming also a must. This weekend we have DNS scans (zone transfers and/or version query) from dial-up accounts in Portugal, Taiwan and Brazil and from a (surely) compromised server in Brazil. Also probes for IMAP2 and Portmapper and the usual CGI scanning. A normal weekend ;) ______________________________________________ Fernando Cardoso Network Administrator National Library of Portugal
-----Original Message----- From: alann lopes [mailto:alopes () UCSD EDU] Sent: s
¨¢bado, 29 de Abril de 2000 0:39
To: INCIDENTS () SECURITYFOCUS COM Subject: Large DNS scans from 211.53.208.178 We are seeing a substantial scans of DNS from 211.53.208.178 apparently from Korea... Anyone else? Thank you -- alann ====================================================================== Apr 28 12:23:44 PDT tcp 211.53.208.178(4147) ->132.239.242.207(53), 1 Apr 28 12:23:46 PDT tcp 211.53.208.178(4140) ->132.239.242.202(53), 1 Apr 28 12:23:52 PDT tcp 211.53.208.178(4142) ->132.239.242.203(53), 1 Apr 28 15:07:24 PDT tcp 211.53.208.178(1987) ->132.239.242.206(53), 1 Apr 28 15:07:32 PDT tcp 211.53.208.178(1963) ->132.239.242.195(53), 1 Apr 28 15:07:44 PDT tcp 211.53.208.178(1960) ->132.239.242.192(53), 1 ======================================================================
Current thread:
- more weird traceroutes, (continued)
- more weird traceroutes Donald McLachlan (May 02)
- Re: more weird traceroutes Chad Thunberg (May 02)
- Re: Large DNS scans from 211.53.208.178 Fernando Cardoso (May 02)
- Re: Large DNS scans from 211.53.208.178 Russell Fulton (May 02)
- Re: Large DNS scans from 211.53.208.178 Ed Padin (May 02)
- Re: Large DNS scans from 211.53.208.178 Keith McCammon (May 03)
- Re: Large DNS scans from 211.53.208.178 David B. Bukowski (May 03)
- Re: Large DNS scans from 211.53.208.178 sigipp () WELLA COM BR (May 03)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (May 03)
- Re: Large DNS scans from 211.53.208.178 Greg A. Woods (May 08)
- Re: Large DNS scans from 211.53.208.178 Seth Georgion (May 03)
- Re: Large DNS scans from 211.53.208.178 Chen, Dave (May 03)
- Re: Large DNS scans from 211.53.208.178 Igor Gashinsky (May 03)
- Re: Large DNS scans from 211.53.208.178 Keith Owens (May 06)
- more weird traceroutes Donald McLachlan (May 02)