[Dshield] Strange DNS Lookup
Mar Matthias Darin
BDarin at tanaya.net
Fri Jun 6 19:04:39 GMT 2008
Thank you everyone for replying.

This just struck me as very unusual considering all the Yahoo lookups I've
done in the last three years testing the program and in the last 10 years on
learning how domain servers work. I've never seen some of the unusual
listings directly attached to a Yahoo IP address before.

The point that stuck out the most to me was that the IP address, 66.94.237.10, is
owned by Yahoo and is part of their Yahoo Groups mailout system.

Here's a dig for the IP:

; <<>> DiG 9.4.1-P1 <<>> -t any -x 66.94.237.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57129
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;10.237.94.66.in-addr.arpa. IN ANY
;; ANSWER SECTION:
10.237.94.66.in-addr.arpa. 1200 IN PTR n32c.bullet.scd.yahoo.com.
;; AUTHORITY SECTION:
237.94.66.in-addr.arpa. 99951 IN NS ns4.yahoo.com.
237.94.66.in-addr.arpa. 99951 IN NS ns3.yahoo.com.
237.94.66.in-addr.arpa. 99951 IN NS ns5.yahoo.com.
237.94.66.in-addr.arpa. 99951 IN NS ns1.yahoo.com.
237.94.66.in-addr.arpa. 99951 IN NS ns2.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 99355 IN A 66.218.71.63
ns2.yahoo.com. 99355 IN A 68.142.255.16
ns3.yahoo.com. 99355 IN A 217.12.4.104
ns4.yahoo.com. 99355 IN A 68.142.196.63
ns5.yahoo.com. 99355 IN A 203.84.197.239
;; Query time: 40 msec