[dns-operations] DNS Queries from some 8.0/16 ranges

Fri May 28 21:02:20 UTC 2010

On May 28, 2010, at 2:27 PM, Sam Norris wrote:

> Hey all,
>
> I am investigating something curious and wondered if anyone out  
> there knows anything about these ranges?
>
> Query_Count Range
> 18804 8.0.10.x/24
> 17332 8.0.11.x/24
> 21841 8.0.14.x/24
> 17059 8.0.15.x/24
> 38549 8.0.22.x/24
> 33730 8.0.23.x/24
> 8687 8.0.28.x/24
> 7873 8.0.29.x/24
> 5618 8.0.30.x/24
> 5864 8.0.31.x/24
> 80595 8.0.35.x/24
> 9722 8.0.36.x/24
> 12609 8.0.37.x/24
> 13037 8.0.38.x/24
> 16141 8.0.39.x/24
> 10312 8.0.4.x/24
> 11225 8.0.5.x/24
> 10954 8.0.6.x/24
> 12429 8.0.7.x/24
>
> We are seeing all 255 addresses in each range performing DNS queries  
> to our authoritative servers.  I am trying to determine what the  
> sources are, here are my thoughts:
>
> 1 - natted / rotated backend queries from Google's public recursive  
> servers?

'tis not that....

> Or other researchers?
>
> 2 - spoofed udp sources from hackers trying to inject false queries  
> into our logs?

I'd suspect spoofed queries from *something*, but no idea why...

>
> 3 - SIE related ?
>
> Does anyone know what's behind these ranges?
>
> Thx,
> Sam
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

--
There were such things as dwarf gods. Dwarfs were not a naturally  
religious species, but in a world where pit props could crack without  
warning and pockets of fire damp could suddenly explode they'd seen  
the need for gods as the sort of supernatural equivalent of a hard  
hat. Besides, when you hit your thumb with an eight-pound hammer it's  
nice to be able to blaspheme. It takes a very special and straong- 
minded kind of atheist to jump up and down with their hand clasped  
under their other armpit and shout, "Oh, random-fluctuations-in-the- 
space-time-continuum!" or "Aaargh, primitive-and-outmoded-concept on a  
crutch!"
   -- Terry Pratchett