[dns-operations] Weird query name "case" queries?
David Miller
dmiller at tiggee.com
Wed Sep 19 00:14:48 UTC 2012
On 9/18/2012 8:06 PM, Mohamed Lrhazi wrote:
> I've noticed quite a bit of queries to our DNS servers, that look
> pretty normal except for the fact that the character case is weird..
> seems to be switching case randomly!
>
> like:
>
> nAme1.dOMain.Com
> naMe2.DOMain.coM
> ...
>
> and so on..
>
> I am wondering if this my DNS server logging issue, or some bug or
> attack/scan technique out there.
Probably just 0x20 bit encoding.
Refs:
https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
https://isc.sans.edu/diary.html?storyid=12418
-DMM
> Thanks,
> Mohamed.
More information about the dns-operations
mailing list