
SANS ISC: InfoSec Handlers Diary Blog



Internet wide DNS scanning

Published: 2013-10-17
Last Updated: 2013-10-17 16:06:18 UTC
by Adrien de Beaupre (Version: 1)

We have received a request from a research group to let everyone know that they will be conducting Internet wide scanning of DNS servers. This is their request:

"Our team at the Network Architectures and Services Dept. (I8) of TU München, Germany, has started a DNS scan. This has similar goals as the scans that we have conducted for SSL and SSH in the past months. Once again, the purpose is purely scientific. The scanning machine is 131.159.14.42. We are querying DNS servers to resolve host names. We do not in any way try to compromise the servers. Additionally, the load caused by our activities should be very low on a single server. The idea of our queries is to get a better understanding of the inner workings of DNS, one of the most ubiquitous protocols of the Internet. We would appreciate it very much if you added a comment in your database. Please note that we respond to every complaint and are happy to blacklist systems with annoyed admins."

Their purpose is scientific research. Interesting; I call scanning without permission unethical and rude. If you do not want to be part of the research, I recommend that you block all DNS requests from that IP address. They have performed similar SSH and SSL scans in the past, from different IP addresses. What do you think? Let us know via our Contact Us page or in the comments below.

Let's be careful out there!

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule
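
To see whether the announced scanner has already queried your resolver before deciding to block it, the sketch below filters query logs for the address given in the request and prints matching drop rules. It is an added example, not part of the original diary or of the research group's tooling; it assumes BIND 9 style query logging and a Linux host firewall managed with iptables, and the log lines are constructed.

```python
import re
from collections import Counter

SCANNER_IP = "131.159.14.42"  # scanning machine named in the quoted request

# Constructed sample in the style of BIND 9 query logging; not real traffic.
SAMPLE_LOG = """\
17-Oct-2013 15:58:02.114 client 131.159.14.42#40211 (example.org): query: example.org IN A + (192.0.2.53)
17-Oct-2013 15:58:02.560 client 198.51.100.7#53122 (www.example.org): query: www.example.org IN A + (192.0.2.53)
17-Oct-2013 15:58:03.007 client 131.159.14.42#40212 (example.net): query: example.net IN A + (192.0.2.53)
17-Oct-2013 15:58:03.951 client 198.51.100.9#41877 (131.159.14.42): query: 131.159.14.42 IN A + (192.0.2.53)
17-Oct-2013 15:58:04.300 client 131.159.14.42#40213 (example.org): query: EXAMPLE.org IN A + (192.0.2.53)
"""

# Client address and port, then the queried name, class and type.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r".*?query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)


def queries_from(log_text, source_ip=SCANNER_IP):
    """Return (name, type) for each query whose client address is source_ip."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        # Match on the parsed client field: a plain substring search would
        # also flag the local client that looked up the address as a name.
        if m and m.group("ip") == source_ip:
            hits.append((m.group("name").lower().rstrip("."), m.group("type")))
    return hits


def block_rules(source_ip=SCANNER_IP):
    """iptables commands that drop DNS over UDP and TCP from source_ip."""
    return [f"iptables -A INPUT -s {source_ip} -p {proto} --dport 53 -j DROP"
            for proto in ("udp", "tcp")]


if __name__ == "__main__":
    seen = Counter(queries_from(SAMPLE_LOG))
    for (name, qtype), count in seen.most_common():
        print(f"{count:3d}  {name} {qtype}")
    if seen:
        print("\n".join(block_rules()))
```
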

Keywords: dns scanning