[dns-operations] Abnormal activity from chinanet?

Torsten Segner torsten at segner.eu
Fri Jan 20 10:04:40 UTC 2012

On Fri, 2 Dec 2011 12:18:01 +0100,
"Roberto Navarro - TusProfesionales.es" <rnavarro at tusprofesionales.es> wrote:

> See attached image.
> Queries come from chinanet, and when one IP is firewalled another one takes 
> its place.

Is anyone else still seeing this in their statistics?

The only thing that has changed is the number of domains asked for. The formerly static set of 176 domains has increased to 2695.
Another thing that has changed is the hosts being asked for. Initially it was just the domain itself. By the end of December 2011 we also received ANY requests for the nameservers used, and since last week we have also been receiving ANY requests for hosts like www or mail.

Furthermore, it's not just IPs from CHINANET anymore but also a substantial number of queries coming from GOOGLE net ranges.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: querystats.png
Type: image/png
Size: 53385 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120120/dc2d66a9/attachment.png>