[dns-operations] Weird query name "case" queries?
Mohamed Lrhazi
ml623 at georgetown.edu
Wed Sep 19 00:25:39 UTC 2012
Great, thanks a lot guys. So this is most likely good guys, not bad
guys as one would suspect at firs!
Mohamed.
On Tue, Sep 18, 2012 at 8:14 PM, David Miller <dmiller at tiggee.com> wrote:
>
>
> On 9/18/2012 8:06 PM, Mohamed Lrhazi wrote:
>> I've noticed quite a bit of queries to our DNS servers, that look
>> pretty normal except for the fact that the character case is weird..
>> seems to be switching case randomly!
>>
>> like:
>>
>> nAme1.dOMain.Com
>> naMe2.DOMain.coM
>> ...
>>
>> and so on..
>>
>> I am wondering if this my DNS server logging issue, or some bug or
>> attack/scan technique out there.
>
> Probably just 0x20 bit encoding.
>
> Refs:
> https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
> https://isc.sans.edu/diary.html?storyid=12418
>
> -DMM
>
>> Thanks,
>> Mohamed.
More information about the dns-operations
mailing list