Adrian von Bidder wrote:
Yo!

I'm seeing some (ca. 5-10 packets per second) DNS abuse from 210.21.4.130, 207.236.176.10 and 207.236.176.26, at least since yesterday afternoon. I'm seeing TCP SYN requests (to port 53) with nothing to follow, so it quite fills up the connection table for new connections...

Anybody sees this, too?

greetings
-- vbi

no, but here's some info on them:

hinfo 210.21.4.130
Processing 210.21.4.130 (210.21.4.130)
210.21.4.130 is gz1-dns.gdgz.cncnet.net.
gz1-dns.gdgz.cncnet.net. is in Abuse.net Contacts as 0.0.0.3
        "[EMAIL PROTECTED]"
        "[EMAIL PROTECTED]"
        "[EMAIL PROTECTED]"
gz1-dns.gdgz.cncnet.net. is in rfc-ignorant abuse as 127.0.0.4
210.21.4.130 is in Blars Block List as 127.1.0.33
        Spam sending domain
        Hosts spamers web sites
210.21.4.130 is in Five-Ten-SG Blackholes as 127.0.0.2
        spam source
210.21.4.130 is in SpamBag as 127.0.0.2
        "Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=cncgroup"
210.21.4.130 is in cn-kr.blackholes.us as 127.0.0.2
        "China blocked by cn-kr.blackholes.us"
210.21.4.130 is in jammconsulting as 127.0.0.20
210.21.4.130 is in sorbs as 127.0.0.6
        "Spam Received See: http://www.sorbs.net/lookup.shtml?210.21.4.130"
210.21.4.130 is in spews level 1 as 127.0.0.2
        "! [1] Robert Martino, see http://spews.org/ask.cgi?S711"
210.21.4.130 is in spews level 2 as 127.0.0.2
        "! [1] Robert Martino, see http://spews.org/ask.cgi?S711"
        "!!!!!!! [2] UltimateDiets, see http://spews.org/ask.cgi?S1100"
210.21.4.130 in ASN17622 210.21.0.0/17

IPQuery: 210.21.4.130 Server: whois.apnic.net


dig -x 207.236.176.10

; <<>> DiG 9.3.1 <<>> -x 207.236.176.10
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9711
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;10.176.236.207.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
10.176.236.207.in-addr.arpa. 3600 IN CNAME 10.0/27.176.236.207.in-addr.arpa.
10.0/27.176.236.207.in-addr.arpa. 86400 IN PTR  nsctor3.bellnexxia.net.

;; AUTHORITY SECTION:
0/27.176.236.207.in-addr.arpa. 86400 IN NS      ns3.bellglobal.com.
0/27.176.236.207.in-addr.arpa. 86400 IN NS      ns4.bellglobal.com.

;; Query time: 3940 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Jul 26 10:00:10 2005
;; MSG SIZE  rcvd: 153

hinfo 207.236.176.10
Processing 207.236.176.10 (207.236.176.10)
207.236.176.10 is nsctor3.bellnexxia.net.
nsctor3.bellnexxia.net. is in Abuse.net Contacts as 0.0.0.1
        "[EMAIL PROTECTED]"
nsctor3.bellnexxia.net. is in rfc-ignorant whois as 127.0.0.5
207.236.176.10 in ASN577 207.236.0.0/16

IPQuery: 207.236.176.10 Server: whois.arin.net
Bell Canada BELLGLOBAL-2 (NET-207-236-0-0-1)
                                  207.236.0.0 - 207.236.255.255

hinfo 207.236.176.26
Processing 207.236.176.26 (207.236.176.26)
207.236.176.26 is nsctor8.bellnexxia.net.
nsctor8.bellnexxia.net. is in Abuse.net Contacts as 0.0.0.1
        "[EMAIL PROTECTED]"
nsctor8.bellnexxia.net. is in rfc-ignorant whois as 127.0.0.5
207.236.176.26 in ASN577 207.236.0.0/16

IPQuery: 207.236.176.26 Server: whois.arin.net
Refering data:
Bell Canada BELLGLOBAL-2 (NET-207-236-0-0-1)
                                  207.236.0.0 - 207.236.255.255
Firmbuy Inc FIRMBUY-CA (NET-207-236-176-0-1)
                                  207.236.176.0 - 207.236.176.255

Nic Handle Info:
OrgName:    Bell Canada
OrgID:      LINX
Address:
City:       Toronto
StateProv:  ON
PostalCode: K1G-3J4
Country:    CA

NetRange:   207.236.0.0 - 207.236.255.255
CIDR:       207.236.0.0/16
NetName:    BELLGLOBAL-2
NetHandle:  NET-207-236-0-0-1
Parent:     NET-207-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.BELLGLOBAL.COM
NameServer: NS2.BELLGLOBAL.COM
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    1996-10-28
Updated:    2000-05-26
Bell Canada BELLGLOBAL-2 (NET-207-236-0-0-1)
                                  207.236.0.0 - 207.236.255.255
Firmbuy Inc FIRMBUY-CA (NET-207-236-176-0-1)
                                  207.236.176.0 - 207.236.176.255

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
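
Added example, not part of either post above: one way to confirm the pattern described in the first message (TCP SYNs to port 53 with nothing following) is to count, per source, the flows that sent a SYN but never an ACK. The tcpdump-style text format, the function names and all addresses in the sample are assumptions, and the sample lines are constructed from documentation ranges rather than captured.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (documentation addresses, not captured traffic).
SAMPLE = """\
10:00:01.10 IP 198.51.100.7.40001 > 192.0.2.53.53: Flags [S], seq 100, length 0
10:00:01.11 IP 192.0.2.53.53 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101, length 0
10:00:01.30 IP 198.51.100.7.40002 > 192.0.2.53.53: Flags [S], seq 200, length 0
10:00:01.50 IP 198.51.100.7.40003 > 192.0.2.53.53: Flags [S], seq 300, length 0
10:00:02.00 IP 203.0.113.9.51000 > 192.0.2.53.53: Flags [S], seq 400, length 0
10:00:02.01 IP 192.0.2.53.53 > 203.0.113.9.51000: Flags [S.], seq 950, ack 401, length 0
10:00:02.02 IP 203.0.113.9.51000 > 192.0.2.53.53: Flags [.], ack 951, length 0
10:00:02.03 IP 203.0.113.9.51000 > 192.0.2.53.53: Flags [P.], seq 401:430, ack 951, length 29
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\]"
)

def half_open_by_source(text, port=53):
    """Count client flows to `port` that sent a SYN but never followed with an ACK."""
    pending = set()  # (src, sport, dst) of handshakes the client has not completed
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if int(dport) != port:
            continue  # ignore server -> client replies and other services
        key = (src, sport, dst)
        if flags == "S":
            pending.add(key)      # retransmitted SYNs count once per flow
        elif "." in flags and "S" not in flags:
            pending.discard(key)  # client sent an ACK: handshake completed
    counts = defaultdict(int)
    for src, _, _ in pending:
        counts[src] += 1
    return dict(counts)

def suspects(text, threshold=2, port=53):
    """Sources with at least `threshold` half-open flows to `port`."""
    counts = half_open_by_source(text, port)
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE), suspects(SAMPLE))
```

The threshold is a tuning choice; a source that completes its handshakes, like the second client in the sample, never appears in the result.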
