[dns-operations] Botnets, botnets everywhere

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 11 13:11:19 UTC 2014


On Thu, Sep 11, 2014 at 04:38:25PM +0400,
 Peter Andreev <andreev.peter at gmail.com> wrote 
 a message of 29 lines which said:

> a lot of very weird queries, like the following:
> 
> 16:11:41.450794 IP 217.195.66.253.37426 > 62.76.76.62.53: 42580+ A?
> swfjwvtkhqx.www.feile8888.com. (47)
> 16:11:41.450796 IP 91.209.124.75.50584 > 62.76.76.62.53: 37269+ [1au]
> A? izhsccxedub.www.feile666.com. (57)

Looks like the "random qnames" attack <http://www.michael-joost.de/dnsterror.html>




More information about the dns-operations mailing list