[dns-operations] DNS Queries from some 8.0/16 ranges
Sam at ChangeIP.com
Fri May 28 18:27:36 UTC 2010
I am investigating something curious and wondered if anyone out there knows
anything about these ranges?
We are seeing all 255 addresses in each range performing DNS queries to our
authoritative servers. I am trying to determine what the sources are, here
are my thoughts:
1 - natted / rotated backend queries from Google's public recursive servers?
Or other researchers?
2 - spoofed udp sources from hackers trying to inject false queries into our
3 - SIE related ?
Does anyone know what's behind these ranges?
More information about the dns-operations