
SANS ISC: Suspiciously quiet on DNS scan activity SANS ISC InfoSec Forums

Suspiciously quiet on DNS scan activity
One report that we run daily lists all attempts across our perimeter security for DNS Zone Transfer and All Records requests. I cannot remember a time where we did not see IPs that scan our entire /22 for one of these types. However, over the past 3 days, I have not seen these scans.

A review of port 53 (https://isc.sans.edu/port.html?port=53) in the ISC database is showing a drop in sources but not targets.

I realize that my view of Internet traffic is limited, but was wondering if anyone else was seeing this - or if it is even significant?
Thomas

So, I guess I spoke too soon. Our little gremlins are back. I'll own that up to some sort of cycle in the 'scanners'. Still, three days of no activity seemed a little odd...
Anonymous
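A daily report of the kind described in the first post, sketched as an added example that is not part of the forum posts: it counts, per day, the sources that sent zone transfer (AXFR) or all-records (ANY) queries to many distinct addresses in the perimeter block, and lists the days on which no such sweep was seen. The log line format, the `10.20.0.0/22` block, the 32-target threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import date, timedelta

PERIMETER = ipaddress.ip_network("10.20.0.0/22")   # assumed perimeter block
SCAN_QTYPES = {"AXFR", "ANY"}                       # zone transfer / all records
# Assumed log format: "<YYYY-MM-DD> src=<ip> dst=<ip> qtype=<type>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) src=(\S+) dst=(\S+) qtype=(\S+)$")

def daily_sweepers(lines, min_targets=32):
    """Map day -> {source: distinct perimeter targets} for sweeping sources."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        day, src, dst, qtype = m.groups()
        try:
            in_scope = ipaddress.ip_address(dst) in PERIMETER
        except ValueError:
            continue  # destination is not a valid IP address
        if in_scope and qtype.upper() in SCAN_QTYPES:
            seen[date.fromisoformat(day)][src].add(dst)
    report = {}
    for day, sources in seen.items():
        hits = {s: len(t) for s, t in sources.items() if len(t) >= min_targets}
        if hits:
            report[day] = hits
    return report

def quiet_days(report, first, last):
    """Days in [first, last] on which no source swept the perimeter."""
    days = [first + timedelta(n) for n in range((last - first).days + 1)]
    return [d for d in days if d not in report]

def sample_log():
    """Constructed log: sweeps on 1 and 5 May, three quiet days in between."""
    hosts = [str(h) for h in list(PERIMETER.hosts())[:40]]
    lines = [f"2024-05-01 src=203.0.113.7 dst={h} qtype=AXFR" for h in hosts]
    lines.append("2024-05-03 src=192.0.2.44 dst=10.20.1.15 qtype=ANY")  # one query, not a sweep
    lines.append("2024-05-04 src=192.0.2.44 dst=10.20.1.15 qtype=A")    # ordinary lookup
    lines += [f"2024-05-05 src=198.51.100.9 dst={h} qtype=ANY" for h in hosts]
    return lines

if __name__ == "__main__":
    rep = daily_sweepers(sample_log())
    for day in sorted(rep):
        print(day, rep[day])
    print("quiet:", quiet_days(rep, date(2024, 5, 1), date(2024, 5, 5)))
```

Passing the reporting window to `quiet_days` explicitly matters because a day with no sweep produces no matching log lines, so it can only be found by walking the calendar rather than the log.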
