Security Incidents mailing list archives

Re: Unwanted DNS connection attempts


From: Richard Bejtlich <bejtlich () ALTAVISTA NET>
Date: Wed, 6 Sep 2000 13:40:48 -0000

AJ,

Just to clarify -- Alex wrote the initial post, 
and I made the first reply.

Thanks for doing the IP resolution legwork.  Now 
that we know Starmedia is involved, I know for a 
fact that this is load balancing.  I dealt with 
this company personally last year regarding the 
same sort of traffic, then from New Jersey and 
Brazil.  Exodus is Starmedia's service provider.  
I can dig up the emails from Starmedia's tech 
support if needed.  Alex's .ro address is not 
necessarily relevant as the destination, as a 
person connecting to a Starmedia server could be 
located anywhere with similar results.

Richard


Alex,

I beg to differ on your last sentence.  
Richard's email addy was .ro, which
matches with the destination IP of 
192.129.3.227.
The first IP listed above, 200.211.187.194, 
ARINs to a co. in São Paulo, Brazil.

The second IP, 209.67.42.162, is indeed under 
Exodus, but "belongs" to a company
in New York called "Starmedia".

I wouldn't blame Exodus for this.  Not entirely 
at least.  From what I recall of
glancing around in the 2 Exodus centers I've 
been in, I don't recall seeing any
F5 hardware.

Others in that block follow suit.

-aj.
