[71987] in North American Network Operators' Group


Re: Persistent DNS Zone Transfer Attempts from IP 128.232.0.31

daemon@ATHENA.MIT.EDU (Aditya)
Mon Jun 28 13:47:52 2004

To: "Jon R. Kibler" <Jon.Kibler@aset.com>
Cc: nanog@merit.edu
From: Aditya <aditya@grot.org>
Date: Mon, 28 Jun 2004 13:43:48 -0400
In-Reply-To: <40DD93F4.278C55F@aset.com> ("Jon R. Kibler"'s message of "Sat,
 26 Jun 2004 11:19:16 -0400")
Errors-To: owner-nanog-outgoing@merit.edu


> On Sat, 26 Jun 2004 11:19:16 -0400, "Jon R. Kibler" <Jon.Kibler@aset.com> said:
> Greetings,

> Anyone know anything about IP 128.232.0.31?
> # host 128.232.0.31
> 31.0.232.128.in-addr.arpa domain name pointer dns-probe.srg.cl.cam.ac.uk.
[...]
> Anyone know anything about this IP?

Keep going, they make it pretty easy to figure out what is going on:

> dig txt dns-probe.srg.cl.cam.ac.uk

; <<>> DiG 8.3 <<>> txt dns-probe.srg.cl.cam.ac.uk
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      dns-probe.srg.cl.cam.ac.uk, type = TXT, class = IN

;; ANSWER SECTION:
dns-probe.srg.cl.cam.ac.uk.  6H IN TXT  "pseudo IP address for machine doing research into DNS data"
dns-probe.srg.cl.cam.ac.uk.  6H IN TXT  "See http://www.cl.cam.ac.uk/Research/SRG/netos/adam/traffic.html for details"

;; Total query time: 1134 msec
;; FROM: mighty.grot.org to SERVER: default -- 127.0.0.1
;; WHEN: Mon Jun 28 13:42:19 2004
;; MSG SIZE  sent: 44  rcvd: 204
