North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: comprehensive DNS scans from

  • From: Kevin Hoadley
  • Date: Wed Jan 29 05:08:33 1997

> Is anyone else seeing DNS ("ls") scan/requests from ?
> I have them blocked, but I'm curious as to what they are up to.  I asked
> once, and they said that they were analyzing the dial-up IP addresses that
> were hitting their web pages -- but they are slowly going over hundreds
> and hundreds of domain names under our control.

Three weeks back tried a web scan of every machine within
one of our domains. When asked why, their initial response was that they were
mistakenly trying to access an old University e-mail account within the UK.
They then amended this to explain that they were checking everyone who
hit their web site - the same excuse they gave you. However given
the machines they tried talking to included both routers and ATM switches,
this seems just a tad far-fetched ...

I can't see that they did any damage, or generated enough junk traffic, for
this to be a serious operational issue ... more educational perhaps.

Kevin Hoadley, JANET
- - - - - - - - - - - - - - - - -