Bad DNS senders in the wild

In this (my blog) I collected and geoip'ed where bad DNS requests came from.

These countries were all under 100 IP address entries; these go from lowest to highest:

MD (1) AL GR HK KR LT AE BA CO DZ EC EG IE
VN MQ CR DO JM IR TH IL TR BY CZ SG ID IN AT BG HR MA EU NO
CL MX AR IT PL PA SA SE RS UA PT (95)

The top scorers by IP address were:

BE 109
AU 129
JP 135
DK 137
BR 145
CH 152
CA 173
RU 174
GB 314
RO 334
DE 500
ES 621
CN 987
None 1282 (not in geoip db)
FR 1516
NL 1808
US 3753

Still no North Korea in those codes. None means no country was identified, which is obscured: say, a Russian has contact details in a .ae [Middle East] based IP space. Another fun guess-who is Russians using .ua (Ukraine) IP addresses.

Congrats to the US as the winner for sending the most crap.

These are the top IP addresses the log keeps seeing with junk DNS requests, again from lowest (100 > 1000).


Have fun with this.  I did.
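
The tally described in the post, as an added example that is not the author's own script: it counts unique source IPs per country (with None for addresses missing from the lookup) and lists repeat senders above a request threshold. The BIND-style log shape, the `GEO_TABLE` stand-in for a GeoIP database, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a GeoIP database: documentation ranges mapped to
# made-up country codes. A real run would query an actual GeoIP database.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
]
# Assumed log shape (not stated in the post): BIND-style "client <ip>#<port>".
CLIENT_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?([0-9a-fA-F.:]+)#\d+")

def country_of(addr):
    """Return the country code for addr, or None when no range matches."""
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None

def summarize(lines, threshold):
    """Return (unique IPs per country, IPs with >= threshold requests)."""
    hits = Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # matched text is not a valid address
    per_country = Counter(country_of(a) for a in hits)
    # Lowest to highest, as in the post; None is the "not in geoip db" bucket.
    by_country = sorted(per_country.items(), key=lambda kv: (kv[1], str(kv[0])))
    repeat = sorted((n, str(a)) for a, n in hits.items() if n >= threshold)
    return by_country, [(ip, n) for n, ip in repeat]

# Constructed sample log lines (not taken from the post).
SAMPLE = (
    ["client 192.0.2.10#5300: query: a.example IN ANY +"] * 3
    + ["client 192.0.2.11#5301: query: b.example IN ANY +"]
    + ["client 198.51.100.7#40000: query: c.example IN A +"] * 2
    + ["client 203.0.113.9#1234: query: d.example IN TXT +", "garbage line"]
)

if __name__ == "__main__":
    for row in summarize(SAMPLE, threshold=2):
        print(row)
```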
