<div dir="ltr"><div>Thanks for sharing this. It makes sense: the ability to spin up unlimited low/no cost computing power at the largest elastic computing provider in the world is bound to attract folks who have malicious intent. Centralizing computing power to a small number of big providers is a risky proposition.</div><div><br></div><div>The question I have is: what can be done about it?</div><div><br></div><div>-Anthony</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 5, 2019 at 9:38 AM MAYER Hans <<a href="mailto:Hans.Mayer@iiasa.ac.at">Hans.Mayer@iiasa.ac.at</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_7364004777705215950WordSection1">
<p class="MsoNormal">Dear All, <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">With the experience of these scans during the last months I was interested to know more about the intentions of these hackers. Therefore I created a subdomain, also with reverse lookup, for an IP range which is not used. As these lookups for my in-addr.arpa. range are still ongoing, it was not surprising that after a short time the dots in the geo-map are spread over the world. Looking for names in this subdomain is only possible if someone did a reverse lookup before. Assuming that the source IP addresses or domains for name lookups are identical to those for reverse lookups is completely wrong. This is a list of all IP addresses which did a lookup for these honeypot names during the last 5 days:</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">So 7 of the total 64 IP addresses are not coming from <a href="http://amazonaws.com" target="_blank">amazonaws.com</a>.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Kind regards<u></u><u></u></p>
<p class="MsoNormal">Hans <u></u><u></u></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">--<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Ing. Dipl.-Ing. Hans Mayer<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Systems Administrator<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Information and Communication Technologies (ICT)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">International Institute for Applied Systems Analysis (IIASA)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Schlossplatz 1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">A-2361 Laxenburg, Austria<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Phone: +43 2236 807 Ext 215<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Mobile: +43 676 83 807 215<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">Web: <a href="http://www.iiasa.at" target="_blank">
<span style="color:rgb(5,99,193)">http://www.iiasa.at</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(84,141,212)">E-Mail: <a href="mailto:mayer@iiasa.ac.at" target="_blank">
<span style="color:rgb(5,99,193)">mayer@iiasa.ac.at</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(91,155,213)"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(91,155,213)">Note: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.<u></u><u></u></span></p>
</div>
</div>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">DNSimple.com<br><a href="http://dnsimple.com/" target="_blank">http://dnsimple.com/</a><br>Twitter: @dnsimple</div>
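<div>Added example, not part of the original messages: one way to check the observation in the quoted mail, that the sources of forward lookups for honeypot names differ from the sources of the reverse lookups that revealed them. The log format, zone names, addresses and PTR names are constructed assumptions (documentation ranges only).</div>

```python
import re
from collections import Counter

# Assumed BIND-like query log line: "client IP#port: query: NAME IN TYPE"
LINE = re.compile(r"client (\S+)#\d+: query: (\S+) IN (\S+)")

# Constructed sample log; hypothetical honeypot zones hp.example.org and
# 100.51.198.in-addr.arpa (an unused range with PTR records into hp.example.org).
SAMPLE_LOG = """\
client 203.0.113.5#40112: query: 7.100.51.198.in-addr.arpa IN PTR
client 203.0.113.5#40113: query: host-7.hp.example.org IN A
client 192.0.2.44#5353: query: host-7.hp.example.org IN A
client 192.0.2.45#5353: query: host-9.hp.example.org IN AAAA
client 203.0.113.9#1111: query: 9.100.51.198.in-addr.arpa IN PTR
client 192.0.2.200#999: query: www.example.org IN A
client 2001:db8::53#4242: query: host-9.hp.example.org IN A
"""

# Constructed PTR names of some forward-lookup sources (hypothetical).
SAMPLE_PTR = {
    "203.0.113.5": "scan-5.cloud.example.net.",
    "192.0.2.44": "r44.cloud.example.net.",
    "192.0.2.45": "r45.cloud.example.net.",
}

def parse(log):
    """Return (source, qname, qtype) for every line that matches LINE."""
    return [m.groups() for m in map(LINE.search, log.splitlines()) if m]

def in_zone(qname, zone):
    q, z = qname.lower().rstrip("."), zone.lower().rstrip(".")
    return q == z or q.endswith("." + z)

def correlate(log, rev_zone, honey_zone):
    """Split sources into those that walked the reverse zone and those that
    queried honeypot names, which are only discoverable through a PTR answer."""
    rev, fwd = set(), set()
    for src, qname, qtype in parse(log):
        if qtype == "PTR" and in_zone(qname, rev_zone):
            rev.add(src)
        elif in_zone(qname, honey_zone):
            fwd.add(src)
    return {"reverse": rev, "forward": fwd,
            "both": rev & fwd, "forward_only": fwd - rev}

def by_provider(sources, ptr_names):
    """Count sources by the last two labels of their PTR name (a simplification;
    a public-suffix list would be more accurate)."""
    def suffix(ip):
        name = ptr_names.get(ip, "").rstrip(".")
        return ".".join(name.split(".")[-2:]) if name else "(no PTR)"
    return Counter(suffix(ip) for ip in sources)
```

<div>Sources in <code>forward_only</code> learned a honeypot name without querying the reverse zone themselves, so the name reached them from whoever did.</div>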