As a result of that activity the IP address has been flagged ~1300 times at MyNetwatchman (www.mynetwatchman.com) and any firewalls that use that info are now blocking access from 209.200.168.66.
Under incidents it's listed as "escalated - no response". So it will remain blocked.

Ragnar Paulson
The Software Group Limited

----- Original Message -----
From: "Dan Kaminsky" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, November 30, 2005 1:59 AM
Subject: DNS Query Details from 209.200.168.66

> Great to find people logging DNS traffic :) As mentioned, most of the
> traffic is part of a mechanism for measuring the damage from Sony's
> activities.
>
> WRT the Base32 names--
>
> The Base32 stuff is part of a technique that's attempting to decode the
> actual topology of DNS. DNS servers can be configured in a forwarding
> relationship, whereby instead of going up to the root servers, they
> access peers. Sometimes the peer relationships can get quite complex --
> and these relationships all cause cache pollution that degrades the
> quality of my Sony data. So I'm working to clean that aspect up: In
> the Base32 name, there exists a cookie. The cookie documents the server
> I sent a request to. I compare the stored IP with the IP that comes
> back to me to resolve a query. (This technique is mentioned in my 2005
> slides, see www.doxpara.com for details).
>
> The other names -- email me privately for details, if you want to know.
>
> Let me know if you have any further queries. My research goal is to be
> aware of threats to the global infrastructure, and Sony's operations do
> appear to have had global consequences (and set a rather terrifying
> example!).
>
> --Dan
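
The cookie comparison described in the quoted message, sketched as an added example; it is not part of the original thread and is not Dan Kaminsky's code. The zone `probe.example.test`, the cookie layout (4-byte IPv4 address plus a 4-byte nonce) and the log entries are assumptions constructed for illustration.

```python
import base64
import ipaddress
import os

ZONE = "probe.example.test"  # hypothetical measurement zone (assumption)

def make_probe_name(target_ip, nonce=None):
    """Build a query name whose first label records the server being probed."""
    nonce = os.urandom(4) if nonce is None else nonce  # defeats caching
    raw = ipaddress.IPv4Address(target_ip).packed + nonce
    label = base64.b32encode(raw).decode().rstrip("=").lower()
    return f"{label}.{ZONE}"

def decode_cookie(qname):
    """Return the IP stored in a probe name, or None if it is not a probe."""
    qname = qname.rstrip(".").lower()
    if not qname.endswith("." + ZONE):
        return None
    label = qname[: -len(ZONE) - 1].split(".")[-1]
    padded = label.upper() + "=" * (-len(label) % 8)  # restore stripped padding
    try:
        raw = base64.b32decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) != 8:
        return None
    return str(ipaddress.IPv4Address(raw[:4]))

def find_forwarders(log_entries):
    """Map each probed server to the upstream IPs that resolved on its behalf.

    log_entries: (source_ip, qname) pairs as logged by the authoritative
    server for ZONE. A source that differs from the cookie means the probed
    server forwarded the query to a peer instead of resolving it itself.
    """
    forwarders = {}
    for src, qname in log_entries:
        target = decode_cookie(qname)
        if target is None:
            continue  # unrelated or malformed name
        if str(ipaddress.ip_address(src)) != target:
            forwarders.setdefault(target, set()).add(src)
    return forwarders

if __name__ == "__main__":
    # Constructed sample log: one direct resolver, one forwarding resolver.
    log = [("192.0.2.10", make_probe_name("192.0.2.10")),
           ("198.51.100.7", make_probe_name("203.0.113.5"))]
    print(find_forwarders(log))
```

An operator who finds Base32-looking labels in a query log can apply the same decode step to see whether a label carries an embedded address.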
