[dns-operations] DNS MX queries with '@'
Kaio Rafael
kaiorafael at dcc.ufam.edu.br
Mon Apr 13 19:47:20 UTC 2009
Hello all,
I am studying some anomalous DNS traffic behavior, and I noted that
some MX type queries are using the at ('@') character in the QNAME
field. I have never seen this behavior before; has anyone already
seen that?
IP 201.XXX.XXX.3.59299 > 200.XXX.XXX.10.53: 24610 [1au] MX? @acrox.ind.br.
IP 201.XXX.XXX.3.59299 > 200.XXX.XXX.10.53: 52674 [1au] MX? @proverbrasil.com.br. (49)
This IP, 201.XXX.XXX.3, is only seen in a specific time period in my
trace files. Maybe it is botnet activity, but I am not sure about that. :)
Thank you.
--
Kaio Rafael
Site: http://www.dcc.ufam.edu.br/~kaiorafael/
E-mail: kaiorafael at dcc dot ufam dot edu dot br
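One way to pull queries like the ones quoted above out of a capture, as an added example that is not part of the original post: it parses tcpdump text output and groups MX queries whose QNAME is not hostname-shaped by source address. The sample lines, addresses and names are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump text format; addresses and names are made up.
SAMPLE = """\
IP 192.0.2.3.59299 > 198.51.100.10.53: 24610 [1au] MX? @shop.example.com. (46)
IP 192.0.2.3.59299 > 198.51.100.10.53: 52674 [1au] MX? @mail.example.net. (46)
IP 192.0.2.77.40112 > 198.51.100.10.53: 1201+ MX? example.org. (29)
IP 192.0.2.77.40113 > 198.51.100.10.53: 1202+ A? _dmarc.example.org. (36)
IP 192.0.2.9.51000 > 198.51.100.10.53: 7+ MX? bob@example.org. (33)
"""

# One query line: "IP src.port > dst.53: id[flags] [opts] QTYPE? qname. (len)"
QUERY_RE = re.compile(
    r"IP (?P<src>\S+)\.\d+ > \S+\.53: \d+[+%]* (?:\[[^\]]*\] )*"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)
# Letters, digits, hyphen, plus underscore (legitimate in _dmarc, _sip, ...).
LABEL_OK = re.compile(r"^[A-Za-z0-9_-]+$")


def classify(qname):
    """Return a reason string if the QNAME is not hostname-shaped, else None."""
    name = qname.rstrip(".")
    labels = name.split(".") if name else []  # the root "." has no labels
    if name.startswith("@"):
        return "leading '@'"
    if "@" in name:
        return "embedded '@' (address-shaped)"
    if not all(LABEL_OK.match(label) for label in labels):
        return "non-hostname characters"
    return None


def flag_queries(capture, qtypes=("MX",)):
    """Group odd QNAMEs by source address for the given query types."""
    hits = defaultdict(list)
    for line in capture.splitlines():
        m = QUERY_RE.search(line)  # response lines do not match the pattern
        if not m or m["qtype"] not in qtypes:
            continue
        reason = classify(m["qname"])
        if reason:
            hits[m["src"]].append((m["qname"], reason))
    return dict(hits)


if __name__ == "__main__":
    print(flag_queries(SAMPLE))
```

Grouping by source makes it easy to see whether the odd names come from one client in one time window or from many.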