[caiu] DNS access coming from IP 174.127.163.120.

alfredo junior aljr at lbr.com.br
Friday July 20 21:21:06 BRT 2012


We are seeing several attempts to query our DNS coming from IP
174.127.163.120. Strangely, I checked other clients that have their own
DNS servers and found queries coming from this same IP. Does anyone know
what this could be?

See:

[root@s1 ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
19:16:44.791662 IP 174.127.163.120.20578 > xxx.xxx.xxx.xxx.53: 25168+ ANY? svenskbladet.se. (33)
19:16:44.791975 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.20578: 25168 Refused- 0/0/0 (33)
19:16:44.855666 IP 174.127.163.120.46265 > xxx.xxx.xxx.xxx.53: 47540+ ANY? svenskbladet.se. (33)
19:16:44.856066 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.46265: 47540 Refused- 0/0/0 (33)
19:16:45.094657 IP 174.127.163.120.65109 > xxx.xxx.xxx.xxx.53: 22014+ ANY? svenskbladet.se. (33)

[root@stn015 ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
19:18:00.583846 IP 174.127.163.120.8505 > 189.74.157.10.53: 14625+ ANY? xxx.com.br. (30)
19:18:00.584276 IP 189.74.157.10.53 > 174.127.163.120.8505: 14625*- 7/0/4 SOA, A 189.3.94.178, NS ns2.xxx.com.br., NS ns3.xxx.com.br
19:18:00.589205 IP 174.127.163.120.8504 > xxx.xxx.xxx.xxx.53: 14369+ ANY? xxx.com.br. (30)
19:18:00.589617 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.8504: 14369*- 7/0/4 SOA, A 189.3.94.178, NS ns2.xxx.com.br., NS ns3.xxx.com.
19:18:00.781473 IP 174.127.163.120.254 > xxx.xxx.xxx.xxx.53: 65024+ ANY? xxx.com.br. (30)

[root@xxxxx ~]# tcpdump -n -i any host 174.127.163.120 -c 5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
19:14:29.871030 IP 174.127.163.120.22320 > xxx.xxx.xxx.xxx.53: 12375+ ANY? svenskbladet.se. (33)
19:14:29.871158 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.22320: 12375 Refused- 0/0/0 (33)
19:14:30.023240 IP 174.127.163.120.37942 > xxx.xxx.xxx.xxx.53: 13972+ ANY? svenskbladet.se. (33)
19:14:30.023351 IP xxx.xxx.xxx.xxx.53 > 174.127.163.120.37942: 13972 Refused- 0/0/0 (33)
19:14:30.140941 IP 174.127.163.120.31051 > xxx.xxx.xxx.xxx.53: 19321+ ANY? svenskbladet.se. (33)
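
Added example, not part of the original message: a Python tally of `tcpdump -n` DNS lines in the format shown above, reporting per client the query types, the names asked for, and how the server replied. The sample capture is constructed with documentation addresses, and the names `summarize`, `flag_any_sources` and the `min_queries` threshold are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the `tcpdump -n` format of the message above
# (wrapped lines joined; RFC 5737 documentation addresses, not real hosts).
SAMPLE = """\
19:16:44.791662 IP 198.51.100.7.20578 > 192.0.2.53.53: 25168+ ANY? example.se. (28)
19:16:44.791975 IP 192.0.2.53.53 > 198.51.100.7.20578: 25168 Refused- 0/0/0 (28)
19:16:44.855666 IP 198.51.100.7.46265 > 192.0.2.53.53: 47540+ ANY? example.se. (28)
19:18:00.583846 IP 198.51.100.7.8505 > 192.0.2.53.53: 14625+ ANY? example.com.br. (32)
19:18:00.584276 IP 192.0.2.53.53 > 198.51.100.7.8505: 14625*- 7/0/4 SOA, A 192.0.2.10
19:18:01.000100 IP 203.0.113.9.40000 > 192.0.2.53.53: 1111+ A? www.example.com.br. (36)
"""

# client.port > server.53: id+flags [opt] QTYPE? qname
QUERY = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > \S+\.53: (\d+)\S* "
                   r"(?:\[\S+\] )?(\w+)\? (\S+) ")
# server.53 > client.port: id+flags [Rcode] answers/authority/additional
REPLY = re.compile(r"IP \S+\.53 > (\d+(?:\.\d+){3})\.(\d+): (\d+)\S* "
                   r"(?:([A-Za-z]+)\S* )?\d+/\d+/\d+")

def summarize(capture):
    """Per client IP: query counts by type and name, and reply outcomes."""
    stats = defaultdict(lambda: {"qtypes": Counter(), "qnames": Counter(),
                                 "replies": Counter()})
    pending = set()  # (client_ip, client_port, dns_id) still awaiting a reply
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            ip, port, dns_id, qtype, qname = q.groups()
            stats[ip]["qtypes"][qtype] += 1
            stats[ip]["qnames"][qname.lower()] += 1
            pending.add((ip, port, dns_id))
            continue
        r = REPLY.search(line)
        if r and (r[1], r[2], r[3]) in pending:
            pending.discard((r[1], r[2], r[3]))
            # tcpdump prints the rcode name only when it is not NoError
            stats[r[1]]["replies"][r[4] or "NoError"] += 1
    for ip, _port, _id in pending:
        stats[ip]["replies"]["(none seen)"] += 1
    return dict(stats)

def flag_any_sources(stats, min_queries=3):
    """Clients that sent at least min_queries queries, every one of type ANY."""
    return sorted(ip for ip, s in stats.items()
                  if sum(s["qtypes"].values()) >= min_queries
                  and set(s["qtypes"]) == {"ANY"})
```

To run it over a real capture, join any mail-wrapped lines first so each packet is on one line, then pass the text to `summarize`.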


