Security Incidents mailing list archives
Re: Weird DNS scans
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 5 Oct 2001 10:30:56 -0600 (MDT)
On Fri, 5 Oct 2001, Seth Milder wrote:
I am getting a ton of DNS scans from what seem to be all BSDI machines and all from China (so far). They are also *all* running
<SNIP>
Remote operating system guess: F5labs Big/IP HA TCP/IP Load Balancer
There's you answer right there. They're F5 BigIP boxes. when you visit a site that uses them, they do some DNS queries to determine which of their servers you're closest to. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Weird DNS scans Seth Milder (Oct 05)
- Re: Weird DNS scans Ryan Russell (Oct 05)
- <Possible follow-ups>
- Re: Weird DNS scans Richard Smith (Oct 05)
- Re: Weird DNS scans John Hall (Oct 06)
- Re: Weird DNS scans Seth Milder (Oct 06)
- Re: Weird DNS scans John Hall (Oct 08)
- Re: Weird DNS scans Seth Milder (Oct 09)