Dear Tom,
Because my firewall reports top 10 attack source which contains said IP addresses, those traffic match the signature of DNS attack, the hitcount rate is very high. So I may consider to those traffic is not safe. But as known from Symantec, those IPs are hold by them. So I need to determine whehter I need to block the traffic or not.
I have consult my technical support vendor, they suggest us to contact Symantec to ask for more information.
Are those IP addresses hold by your company, not Symantec?
Do you mind to provide related information?
Thanks,
Ben