[caiu] DNS access coming from IP 174.127.163.120.
alfredo junior
aljr at lbr.com.br
Friday July 20 21:21:06 BRT 2012
We are seeing several query attempts against our DNS coming from IP
174.127.163.120. Strangely, I checked other customers that have their
own DNS servers and found queries coming from this same IP. Does anyone
know what this could be?
See:
[root at s1 ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
bytes
19:16:44.791662 IP 174.127.163.120.20578 > xxx.xxx.xxx.xxx.53: 25168+
ANY? svenskbladet.se. (33)
19:16:44.791975 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.20578: 25168
Refused- 0/0/0 (33)
19:16:44.855666 IP 174.127.163.120.46265 > xxx.xxx.xxx.xxx.53: 47540+
ANY? svenskbladet.se. (33)
19:16:44.856066 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.46265: 47540
Refused- 0/0/0 (33)
19:16:45.094657 IP 174.127.163.120.65109 > xxx.xxx.xxx.xxx.53: 22014+
ANY? svenskbladet.se. (33)
[root at stn015 ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
bytes
19:18:00.583846 IP 174.127.163.120.8505 > 189.74.157.10.53: 14625+ ANY?
xxx.com.br. (30)
19:18:00.584276 IP 189.74.157.10.53 > 174.127.163.120.8505: 14625*-
7/0/4 SOA, A 189.3.94.178, NS ns2.xxx.com.br., NS ns3.xxx.com.br
19:18:00.589205 IP 174.127.163.120.8504 > xxx.xxx.xxx.xxx.53: 14369+
ANY? xxx.com.br. (30)
19:18:00.589617 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.8504: 14369*-
7/0/4 SOA, A 189.3.94.178, NS ns2.xxx.com.br., NS ns3.xxx.com.
19:18:00.781473 IP 174.127.163.120.254 > xxx.xxx.xxx.xxx.53: 65024+ ANY?
xxx.com.br. (30)
[root at xxxxx ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
bytes
19:14:29.871030 IP 174.127.163.120.22320 > xxx.xxx.xxx.xxx.53: 12375+
ANY? svenskbladet.se. (33)
19:14:29.871158 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.22320: 12375
Refused- 0/0/0 (33)
19:14:30.023240 IP 174.127.163.120.37942 > xxx.xxx.xxx.xxx.53: 13972+
ANY? svenskbladet.se. (33)
19:14:30.023351 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.37942: 13972
Refused- 0/0/0 (33)
19:14:30.140941 IP 174.127.163.120.31051 > xxx.xxx.xxx.xxx.53: 19321+
ANY? svenskbladet.se. (33)
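
One way to tally captures like the ones above, as an added example that is not part of the original post: it counts ANY queries per source address and records whether the server refused or answered them. The sample lines are constructed (documentation addresses, unwrapped as tcpdump prints them) and the function name is illustrative.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses), one packet per line as tcpdump -n prints it.
SAMPLE = """\
19:16:44.791662 IP 192.0.2.50.20578 > 198.51.100.10.53: 25168+ ANY? example.se. (28)
19:16:44.791975 IP 198.51.100.10.53 > 192.0.2.50.20578: 25168 Refused- 0/0/0 (28)
19:16:44.855666 IP 192.0.2.50.46265 > 198.51.100.10.53: 47540+ ANY? example.se. (28)
19:16:44.856066 IP 198.51.100.10.53 > 192.0.2.50.46265: 47540 Refused- 0/0/0 (28)
19:18:00.583846 IP 192.0.2.50.8505 > 198.51.100.10.53: 14625+ ANY? example.com.br. (32)
19:18:00.584276 IP 198.51.100.10.53 > 192.0.2.50.8505: 14625*- 7/0/4 SOA, A 203.0.113.7, NS ns2.example.com.br. (240)
19:18:01.000100 IP 192.0.2.77.5353 > 198.51.100.10.53: 4242+ A? example.com.br. (32)
"""

# Query to port 53:   "<id><flags> <QTYPE>? <name> (<size>)"
QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \S+\.53: (\d+)\S* (\w+)\? \S+ \((\d+)\)")
# Reply from port 53: "<id><flags> <rcode or record counts ...> (<size>)"
REPLY = re.compile(r"IP \S+\.53 > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)\S* (.*)\((\d+)\)")

def summarize_any_queries(text):
    """Per source IP: ANY queries seen, how the server replied, and bytes each way."""
    pending = set()  # (ip, port, txid) of ANY queries still waiting for a reply
    stats = defaultdict(lambda: {"any": 0, "refused": 0, "answered": 0,
                                 "other": 0, "bytes_in": 0, "bytes_out": 0})
    for line in text.splitlines():
        q = QUERY.search(line)
        if q:
            ip, port, txid, qtype, size = q.groups()
            if qtype == "ANY":
                stats[ip]["any"] += 1
                stats[ip]["bytes_in"] += int(size)
                pending.add((ip, port, txid))
            continue
        r = REPLY.search(line)
        if r and (r.group(1), r.group(2), r.group(3)) in pending:
            ip, port, txid, rest, size = r.groups()
            pending.discard((ip, port, txid))
            stats[ip]["bytes_out"] += int(size)  # reply bytes sent toward that address
            if rest.startswith("Refused"):
                stats[ip]["refused"] += 1
            elif rest[:1].isdigit():             # record counts such as "7/0/4": a real answer
                stats[ip]["answered"] += 1
            else:                                # any other rcode (NXDomain, ServFail, ...)
                stats[ip]["other"] += 1
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize_any_queries(SAMPLE).items():
        print(ip, s)
```

Replies that tcpdump truncated before the size field are not matched and are left out of the totals.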