[dns-operations] Lots of queries for TXT records?
Rob Thomas
robt at cymru.com
Wed Apr 8 04:01:46 UTC 2009
Hey, Chris.
Thanks for the heads-up!
> I am seeing a lot of queries for TXT records for "deepholeforyou.info"
> from a number of clients (many making several dozen requests per
> second). Earlier, this was returning huge TXT records (I was seeing 4-5
> times as much traffic from my recursive server), but now they've been
> replaced by a CNAME to fworld.net (with no TXT records).
I see these queries beginning at least as early as 2009-04-03 01:50:12
UTC, and perhaps earlier. I'm doing more digging now.
> Is there some virus/worm I haven't yet heard of causing this?
Unclear. A quick scan of our malware menagerie didn't turn up any hits,
but I'm still looking.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the dns-operations
mailing list