Security Incidents mailing list archives

Re: Weird DNS scans

From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 5 Oct 2001 10:30:56 -0600 (MDT)

On Fri, 5 Oct 2001, Seth Milder wrote:

I am getting a ton of DNS scans from what seem to be all BSDI machines
and all from China (so far). They are also *all* running

<SNIP>

Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer


There's you answer right there.  They're F5 BigIP boxes.  when you visit a
site that uses them, they do some DNS queries to determine which of their
servers you're closest to.

                                        Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Weird DNS scans Seth Milder (Oct 05)
- Re: Weird DNS scans Ryan Russell (Oct 05)
- <Possible follow-ups>
- Re: Weird DNS scans Richard Smith (Oct 05)
  - Re: Weird DNS scans John Hall (Oct 06)
  - Re: Weird DNS scans Seth Milder (Oct 06)
    - Re: Weird DNS scans John Hall (Oct 08)
    - Re: Weird DNS scans Seth Milder (Oct 09)