TTL values for the arpa space are 4 hours. It looks and feels like a
concerted nmap scan of arpa space hosted on our authoritative servers
triggered by a singular trigger. Different sets of authoritative servers
hosting different arpa space are similarly seeing the same thing with an
offset 16 hou
In article ,
jm9386 wrote:
> also the vast majority - over 95% of the queries we are seeing are coming
> from open resolvers on the Internet - distributed all over the world. It
> seems awfully suspicious for resolvers all over the world to decide to query
> PTR records for our ISP related in-a
also the vast majority - over 95% of the queries we are seeing are coming
from open resolvers on the Internet - distributed all over the world. It
seems awfully suspicious for resolvers all over the world to decide to query
PTR records for our ISP related in-addr.arpa space every 16 hours.
--
S
We have been noticing repeated LARGE spikes in in-addr.arpa queries for PTR
records in arpa zones we are authoritative for. It looks like network
scanning, or data mining, perhaps nmap processes or something. It started
roughly beginning of December and re-occurs roughly every 16 hours. I'm
wond
4 matches