North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Persistent DNS Zone Transfer Attempts from IP 128.232.0.31

  • From: Aditya
  • Date: Mon Jun 28 13:49:50 2004

> On Sat, 26 Jun 2004 11:19:16 -0400, "Jon R. Kibler" <[email protected]> said:
> Greetings,

> Anyone know anything about IP 128.232.0.31?  # host 128.232.0.31
> 31.0.232.128.in-addr.arpa domain name pointer
> dns-probe.srg.cl.cam.ac.uk.
[...]
> Anyone know anything about this IP?

Keep going, they make it pretty easy to figure out what is going on:

> dig txt dns-probe.srg.cl.cam.ac.uk

; <<>> DiG 8.3 <<>> txt dns-probe.srg.cl.cam.ac.uk
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      dns-probe.srg.cl.cam.ac.uk, type = TXT, class = IN

;; ANSWER SECTION:
dns-probe.srg.cl.cam.ac.uk.  6H IN TXT  "pseudo IP address for machine doing research into DNS data"
dns-probe.srg.cl.cam.ac.uk.  6H IN TXT  "See http://www.cl.cam.ac.uk/Research/SRG/netos/adam/traffic.html for details"

;; Total query time: 1134 msec
;; FROM: mighty.grot.org to SERVER: default -- 127.0.0.1
;; WHEN: Mon Jun 28 13:42:19 2004
;; MSG SIZE  sent: 44  rcvd: 204