2 Jun
2008
2 Jun
'08
6:36 p.m.
Jim Wise wrote:
On Fri, 30 May 2008, Michael Still wrote:
I have seen PlanetLab experiments doing this. What are the originating IP addresses?
Three observed source addresses
208.78.169.237 204.11.51.62 194.199.24.101
Source ports are high and non-repeating. Other than the domain root, A-record queries for "google.com" and for hostnames which appear to be on the same subnet as the querying host.
Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't the case here, so I guess it is something more malicious. Mikal