Anyone have any idea why a host from IANA would be scanning DNS servers? ;; AUTHORITY SECTION: 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int. hostmaster.ip4.int. 1928630 10800 900 604800 86400 10/03-01:29:45.947001 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:29:46.257443 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-01:29:46.544719 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:29:47.067072 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-01:57:47.356984 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-01:57:47.762762 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:01:02.332948 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:01:02.739583 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:01:59.042381 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:01:59.455718 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:01.297316 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:01.710271 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:28.770286 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:29.326121 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:05:44.704398 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:05:45.755863 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 10/03-02:10:20.499887 [**] [1:1616:4] <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named version attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 10/03-02:10:20.906450 [**] [1:255:8] <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone transfer TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232 -> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
On Fri, Oct 03, 2003 at 09:25:16AM -0400, Andrew Fried wrote:
Anyone have any idea why a host from IANA would be scanning DNS servers?
Yes, and has been going on for years and years and .. See link: http://www.isi.edu/~bmanning/in-addr-audit.html
On Fri, Oct 03, 2003 at 09:30:57AM -0400, Jared Mauch wrote:
On Fri, Oct 03, 2003 at 09:25:16AM -0400, Andrew Fried wrote:
Anyone have any idea why a host from IANA would be scanning DNS servers?
Yes, and has been going on for years and years and ..
See link:
current link is: http://www.ep.net/in-addr-audit.html --bill
Hello Andrew, This is not being done by the IANA or from an IANA machine. This is something being carried out by epnet I believe John crain Friday, October 03, 2003 AF> Anyone have any idea why a host from IANA would be scanning DNS servers? AF> ;; AUTHORITY SECTION: AF> 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int. AF> hostmaster.ip4.int. 1928630 10800 900 604800 86400 AF> 10/03-01:29:45.947001 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:29:46.257443 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-01:29:46.544719 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:29:47.067072 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-01:57:47.356984 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:57:47.762762 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:01:02.332948 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:01:02.739583 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:01:59.042381 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:01:59.455718 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:01.297316 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:01.710271 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:28.770286 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:29.326121 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:44.704398 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:45.755863 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:10:20.499887 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:10:20.906450 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
true enough. when it first was initiated, back in 1997, it was an IANA chartered activity. It is not now, nor ever has been run on IANA machines. If you have specific questions, I'd be pleased to talk about them off-list. --bill manning 310.322.8102
Hello Andrew,
This is not being done by the IANA or from an IANA machine.
This is something being carried out by epnet I believe
John crain
Friday, October 03, 2003
AF> Anyone have any idea why a host from IANA would be scanning DNS servers?
AF> ;; AUTHORITY SECTION: AF> 4.32.198.in-addr.arpa. 10551 IN SOA dot.ip4.int. AF> hostmaster.ip4.int. 1928630 10800 900 604800 86400
AF> 10/03-01:29:45.947001 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33581&protocol=UDP>33581 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:29:46.257443 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39050&protocol=TCP>39050 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.21.html>63.105.37.21:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-01:29:46.544719 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=33623&protocol=UDP>33623 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:29:47.067072 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39057&protocol=TCP>39057 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-01:57:47.356984 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=56229&protocol=UDP>56229 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-01:57:47.762762 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46196&protocol=TCP>46196 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:01:02.332948 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=36697&protocol=UDP>36697 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:01:02.739583 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47061&protocol=TCP>47061 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:01:59.042381 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=39008&protocol=UDP>39008 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:01:59.455718 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47296&protocol=TCP>47296 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:01.297316 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=46251&protocol=UDP>46251 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:01.710271 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48067&protocol=TCP>48067 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:28.770286 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=47507&protocol=UDP>47507 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:29.326121 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48191&protocol=TCP>48191 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:05:44.704398 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48082&protocol=UDP>48082 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:05:45.755863 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=48244&protocol=TCP>48244 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53 AF> 10/03-02:10:20.499887 [**] [1:1616:4] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-1616.html>DNS named AF> version attempt [**] [Classification: Attempted Information Leak] AF> [Priority: 2] {UDP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=57711&protocol=UDP>57711 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=UDP>53 AF> 10/03-02:10:20.906450 [**] [1:255:8] AF> <http://10.192.0.110/198/32/4/../../../sig/sigsid-255.html>DNS zone AF> transfer TCP [**] [Classification: Attempted Information Leak] [Priority: AF> 2] {TCP} AF> <http://10.192.0.110/198/32/4/../../../198/32/4/src198.32.4.13.html>198.32.4.13:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=49232&protocol=TCP>49232 ->> AF> <http://10.192.0.110/198/32/4/../../../63/105/37/dest63.105.37.20.html>63.105.37.20:<http://www.portsdb.org/bin/portsdb.cgi?portnumber=53&protocol=TCP>53
participants (5)
-
Andrew Fried
-
bmanning@karoshi.com
-
bmanning@vacation.karoshi.com
-
Jared Mauch
-
John L Crain