From owner-freebsd-security@FreeBSD.ORG Thu Jul 30 15:15:04 2009
Date: Thu, 30 Jul 2009 07:58:17 -0700 (PDT)
From: Roger Marquis
To: freebsd-security@freebsd.org
In-Reply-To: <20090730120034.CD75610656CE@hub.freebsd.org>
References: <20090730120034.CD75610656CE@hub.freebsd.org>
Message-Id: <20090730145817.C45772B2157@mx5.roble.com>
Subject: DNS probe sources

These source addresses are likely spoofed, but I am still curious whether other FreeBSD admins saw a preponderance of DNS probes originating from Microsoft corp subnets ahead of the recent ISC bind vulnerability announcement?

Roger Marquis

Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:23 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:18 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10546: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:13 PDT named[...]: client 94.245.67.253#10543: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
Jul 28 16:51:08 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
Jul 28 16:51:03 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10370: query (cache) '>/A/IN' denied
Jul 28 16:50:58 PDT named[...]: client 94.245.67.253#10366: query (cache) '>/A/IN' denied
Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37973: query (cache) 'output.txt/A/IN' denied
Jul 28 07:25:45 PDT named[...]: client 207.46.57.240#37959: query (cache) '>/A/IN' denied
...
Jul 27 23:24:47 PDT named[...]: client 94.245.67.253#55561: query (cache) 'output.txt/A/IN' denied
Jul 27 23:24:32 PDT named[...]: client 94.245.67.253#55354: query (cache) '>/A/IN' denied
Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17255: query (cache) 'output.txt/A/IN' denied
Jul 27 15:10:33 PDT named[...]: client 207.46.57.240#17242: query (cache) '>/A/IN' denied
...
Jul 24 07:21:22 PDT named[...]: client 94.245.67.253#15828: query (cache) 'output.txt/A/IN' denied
Jul 24 07:21:07 PDT named[...]: client 94.245.67.253#15637: query (cache) '>/A/IN' denied
Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59717: query (cache) 'output.txt/A/IN' denied
Jul 24 06:10:30 PDT named[...]: client 207.46.57.240#59707: query (cache) '>/A/IN' denied
...
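
One way to check your own named logs for the pattern quoted above, as an added example that is not part of the original message: it groups denied cache queries by source address and counts a repeated (port, name) pair as one transaction, on the assumption that those repeats are client retries. The names `summarize`, `DENIED`, `HOSTNAME` and `SAMPLE` are hypothetical, and the sample lines are constructed with documentation addresses (RFC 5737) and a made-up pid.

```python
import re
from collections import defaultdict

# Line shape taken from the log excerpt in the message above:
#   <date> <tz> named[pid]: client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied
DENIED = re.compile(
    r"named\[[^\]]*\]: client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>.*)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)
# Hostname syntax: dot-separated labels of letters, digits, hyphen, underscore.
LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]*[A-Za-z0-9_])?"
HOSTNAME = re.compile(rf"^(?:{LABEL}\.)*{LABEL}\.?$")

def summarize(lines):
    """Group denied recursive queries by source address.

    Assumption: the same (port, name) pair seen several times is one client
    transaction being retried, so 'transactions' is a better count of
    distinct probes than the raw number of log lines.
    """
    per_ip = defaultdict(lambda: {"lines": 0, "tx": set(), "names": set()})
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # some other log message
        rec = per_ip[m["ip"]]
        rec["lines"] += 1
        rec["tx"].add((m["port"], m["name"]))
        rec["names"].add(m["name"])
    return {
        ip: {
            "lines": r["lines"],
            "transactions": len(r["tx"]),
            "names": sorted(r["names"]),
            # Query names that cannot be hostnames at all, such as '>'.
            "non_hostname": sorted(n for n in r["names"] if not HOSTNAME.match(n)),
        }
        for ip, r in per_ip.items()
    }

# Constructed sample lines (not real traffic), same shape as the excerpt.
SAMPLE = """\
Jul 28 16:51:23 PDT named[812]: client 192.0.2.10#10546: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:18 PDT named[812]: client 192.0.2.10#10546: query (cache) 'output.txt/A/IN' denied
Jul 28 16:51:08 PDT named[812]: client 192.0.2.10#10370: query (cache) '>/A/IN' denied
Jul 28 16:51:03 PDT named[812]: client 192.0.2.10#10370: query (cache) '>/A/IN' denied
Jul 28 07:25:45 PDT named[812]: client 198.51.100.7#37973: query (cache) 'www.example.org/A/IN' denied
Jul 28 07:20:00 PDT named[812]: zone example.org/IN: loaded serial 2009072801
""".splitlines()

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE).items()):
        print(ip, info)
```

Feeding it the real log file instead of `SAMPLE` (for example `summarize(open(path))`, with `path` being wherever your syslog writes named messages) gives one row per source address to compare against other admins' reports.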