Is Muddleworks scanning your DNS too?
Danny Mayer
mayer at gis.net
Thu Nov 28 00:13:11 UTC 2002
At 11:38 AM 11/27/02, Nate Campi wrote:
>On Wed, Nov 27, 2002 at 06:43:01AM -0800, Baby Peanut wrote:
> >
> > We have a few Internet nameservers on different networks hosting
> > different zones. We get scanned by 207.5.180.138. It walks through
> > PTR queries incrementing the last octet from 0 to 255 regardless of
> > the rest of the address.
> >
> > Does it happen to your servers too?
> >
> > Who is Muddleworks and what do they do?
>
>Sounds like a DNS survey, and not a very stealthy one. The ISC's survey
>isn't so easy to detect:
>
> http://www.isc.org/ds/new-survey.html
I know of at least two others going on:
1) Bill Manning was going to do another survey of the reverse DNS tree
2) DJB said he was also going to one.
I was also notified that there is an NTP survey going on run by a couple
of MIT students. See: http://ntp-survey.mit.edu for details. From their
message:
>Our basic intent is to retrieve a list of the other NTP servers and
>clients that each server knows about, and query each of those, basically
>spidering the entire NTP network in an attempt to discover all NTP servers
>and clients in the public internet domain.
>
>You probably won't see too many probes from us, no more than 7 (3
>version 7, 4 version 6) NTP queries. The probes should come from
>18.243.0.83 -- ntp-survey.mit.edu
Danny
More information about the bind-users
mailing list