[7313] in North American Network Operators' Group
Re: comprehensive DNS scans from dao.andromedia.com
daemon@ATHENA.MIT.EDU (Kevin Hoadley)
Wed Jan 29 05:11:18 1997
To: Craig Nordin <cnordin@vni.net>
cc: nanog@merit.edu
In-reply-to: Your message of "Tue, 28 Jan 1997 21:47:15 EST." <199701290247.VAA02557@hq.vni.net>
Date: Wed, 29 Jan 1997 10:07:03 +0000
From: Kevin Hoadley <K.Hoadley@nosc.ja.net>
> Is anyone else seeing DNS ("ls") scan/requests from dao.andromedia.com ?
>
> I have them blocked, but I'm curious as to what they are up to. I asked
> once, and they said that they were analyzing the dial-up IP addresses that
> were hitting their web pages -- but they are slowly going over hundreds
> and hundreds of domain names under our control.
Three weeks back dao.andromedia.com tried a web scan of every machine within
one of our domains. When asked why, their initial response was that they were
mistakenly trying to access an old University e-mail account within the UK.
They then amended this to explain that they were checking everyone who
hit their web site - the same excuse they gave you. However given
the machines they tried talking to included both routers and ATM switches,
this seems just a tad far-fetched ...
I can't see that they did any damage, or generated enough junk traffic, for
this to be a serious operational issue ... more educational perhaps.
Kevin Hoadley, JANET
