[71945] in North American Network Operators' Group
Persistent DNS Zone Transfer Attempts from IP 128.232.0.31
daemon@ATHENA.MIT.EDU (Jon R. Kibler)
Sat Jun 26 11:18:45 2004
Date: Sat, 26 Jun 2004 11:19:16 -0400
From: "Jon R. Kibler" <Jon.Kibler@aset.com>
To: nanog@nanog.org
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format...
------------=_1088263070-14272-604
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Greetings,
Anyone know anything about IP 128.232.0.31?
> # host 128.232.0.31
> 31.0.232.128.in-addr.arpa domain name pointer dns-probe.srg.cl.cam.ac.uk.
>
We have been getting persistent zone transfer attempts that originate from this IP address. We have had repeated zone transfer attempts against all of our DNS zones -- and against all 7 name servers that we manage. This has been going on now for about a month or two -- more or less. Recently, we have also seen attempts to do zone transfers for non-authoritative domains. Logging shows that this IP apparently never attempts to make legitimate DNS queries, only zone transfers.
Anyone know anything about this IP?
Anyone else have the appropriate logging enabled and also seeing this IP make zone transfer attempts?
Thoughts/comments/suggestions?
Thanks!
Jon
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
------------=_1088263070-14272-604--
