1/31 7:07〜2/1 0:20にかけて「208.76.253.253」からDNSへの攻撃パケット(ルートドメインのNSレコードを引く)が来ていた。

% dig -x 208.76.253.253

; <<>> DiG 9.5.0-P2 <<>> -x 208.76.253.253
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21005
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;253.253.76.208.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
253.253.76.208.in-addr.arpa. 3280 IN    PTR     scamfraudalert.com.

;; AUTHORITY SECTION:
253.76.208.in-addr.arpa. 3280   IN      NS      ns2.colocationamerica.com.
253.76.208.in-addr.arpa. 3280   IN      NS      ns1.colocationamerica.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb  2 13:41:20 2009
;; MSG SIZE  rcvd: 131

% whois 208.76.253.253
Colocation America Corporation CAC-BLOCK2 (NET-208-76-248-0-1)
                                  208.76.248.0 - 208.76.255.255
Scam Fraud Alert SFA (NET-208-76-253-252-1)
                                  208.76.253.252 - 208.76.253.255

# ARIN WHOIS database, last updated 2009-02-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

scamfraudalert.comで検索したら詐欺メールの警告とかやってる企業ぽいんだが…