A domain crawler (nothing catastrophic, just for information).
--- Begin Message ---
i have blocked a zone enumerator, though i guess they will be a
whack-a-mole
others have reported them as well
/home/randy> sudo tcpdump -pni vtnet0 -c 10 port 53 and net 193.235.141
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:42:39.516849 IP 193.235.141.90.32768 > 666.42.7.11.53: 14 NS? 33j4h.org.al.
(30)
22:42:39.517640 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS?
33m6d.xn--mgbayh7gpa. (38)
22:42:39.519169 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS? 33lxd.tn. (26)
22:42:39.520064 IP 193.235.141.171.32768 > 666.42.7.11.53: 14 NS? 33md6.jo. (26)
22:42:39.521081 IP 193.235.141.247.32768 > 666.42.7.11.53: 14 NS? 33lxd.lb. (26)
22:42:39.523981 IP 193.235.141.162.32768 > 666.42.7.11.53: 14 NS? 33pd2.az. (26)
22:42:39.525043 IP 193.235.141.60.32768 > 666.42.7.11.53: 14 NS? 33nc5.com.al.
(30)
22:42:39.526185 IP 193.235.141.209.32768 > 666.42.7.11.53: 14 NS? 33nc5.sz. (26)
22:42:39.527931 IP 193.235.141.150.32768 > 666.42.7.11.53: 14 NS? 33q5p.com.al.
(30)
22:42:39.529516 IP 193.235.141.210.32768 > 666.42.7.11.53: 14 NS? 33qbq.com.al.
(30)
10 packets captured
124 packets received by filter
0 packets dropped by kernel
inetnum: 193.235.141.0 - 193.235.141.255
netname: domaincrawler-hosting
descr: domaincrawler hosting
org: ORG-ABUS1196-RIPE
country: SE
admin-c: VIJE1-RIPE
tech-c: VIJE1-RIPE
status: ASSIGNED PA
notify: c+1...@resilans.se
mnt-by: RESILANS-MNT
mnt-routes: ETTNET-LIR
created: 2008-04-03T11:21:00Z
last-modified: 2017-04-10T12:47:06Z
source: RIPE
randy
--- End Message ---
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
