DNS probe sources

Roger Marquis marquis at roble.com
Thu Jul 30 15:15:04 UTC 2009


These source addresses are likely spoofed, but I am still curious whether
other FreeBSD admins saw a preponderance of DNS probes originating from
Microsoft Corp. subnets ahead of the recent ISC BIND vulnerability
announcement.

Roger Marquis


  Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
  Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
  Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
  Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37973: query (cache) 'output.txt/A/IN' denied
  Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37959: query (cache) '>/A/IN' denied
  ...
  Jul 27 23:24:47 PDT named[...]: client 94.245.67.253#55561: query (cache) 'output.txt/A/IN' denied
  Jul 27 23:24:32 PDT named[...]: client 94.245.67.253#55354: query (cache) '>/A/IN' denied
  Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17255: query (cache) 'output.txt/A/IN' denied
  Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17242: query (cache) '>/A/IN' denied
  ...
  Jul 24 07:21:22 PDT named[...]: client 94.245.67.253#15828: query (cache) 'output.txt/A/IN' denied
  Jul 24 07:21:07 PDT named[...]: client 94.245.67.253#15637: query (cache) '>/A/IN' denied
  Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59717: query (cache) 'output.txt/A/IN' denied
  Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59707: query (cache) '>/A/IN' denied
  ...
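
For admins who want to compare their own named logs against the excerpt above, here is an added example (not part of the original post) that tallies BIND "query (cache) ... denied" lines by source network. The /24 grouping and the function names are assumptions; since UDP source addresses can be spoofed, as the post notes, the grouping reflects only the claimed origin.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Matches the denied-cache-query line format shown in the log excerpt (IPv4 only).
DENIED = re.compile(
    r"client (?P<addr>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+): "
    r"query \(cache\) '(?P<qname>.*)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)' denied"
)

# Four lines copied from the log excerpt above, plus one constructed line of
# unrelated syslog noise that the parser must skip.
SAMPLE = [
    "Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied",
    "Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied",
    "Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37973: query (cache) 'output.txt/A/IN' denied",
    "Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37959: query (cache) '>/A/IN' denied",
    "Jul 28 07:25:46 PDT sshd[...]: constructed unrelated line",
]

def summarize(lines, prefix_len=24):
    """Tally denied cache queries per source network: hits, ports, names."""
    out = {}
    for line in lines:
        m = DENIED.search(line)
        if m is None:
            continue  # not a denied-cache-query line
        try:
            net = str(ip_network(f"{m['addr']}/{prefix_len}", strict=False))
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        entry = out.setdefault(net, {"hits": 0, "ports": set(), "names": Counter()})
        entry["hits"] += 1
        entry["ports"].add(int(m["port"]))
        entry["names"][m["qname"]] += 1
    return out

def report(summary):
    """Render one line per network, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["hits"])
    return [
        f"{net}  hits={e['hits']}  src_ports={len(e['ports'])}  names={dict(e['names'])}"
        for net, e in rows
    ]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```

Feeding it a full log (for example the lines of the file named receives via syslog) gives a per-network count that is easier to compare across sites than raw lines.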

