[dns-operations] honeypot : so many bees from Amazon
gtaylor at tnetconsulting.net
Tue Mar 5 19:30:44 UTC 2019
On 03/05/2019 11:45 AM, Viktor Dukhovni wrote:
> Why would PTR lookups be assumed to be done by hackers?
My take away from Hans' message was that the domain in question was
listed in the following three places:
1) PTR records in reverse DNS zones.
2) Zones on the forward DNS servers.
3) Recursive DNS server (et al) caches.
Meaning that #1 is how the domain would get out into the wild for people
to know about it to do forward queries.
> My guess would be an academic study of the IPv4 address space. Or some
> commercial whitehat vulnerability scan. Project Sonar, etc.
RIPE Atlas Probes come to mind too.
I wonder if any of the organizations coordinating these can work with
you to help identify if any of their (sub)projects might be causing the
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
More information about the dns-operations