[80785] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Malicious DNS request?

daemon@ATHENA.MIT.EDU (Joe Shen)
Thu May 12 04:12:08 2005

Date: Thu, 12 May 2005 16:11:35 +0800 (CST)
From: Joe Shen <joe_hznm@yahoo.com.sg>
To: NANGO <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu

Hi,

In past days I noticed the nxdomain statistics in
named.stats keeps increasing.( I run it every 5 min)

By tcpdump, it's found a remote computer keep asking
address for record like
999d38e693b9e6293b450.0existence.com,
60d38e693b9e6293b450.0be6c1xfa.net. 

is that a virus affacted computer? 

How could such request be filtered or minimize its
affaction on DNS server?

regards

Joe

__________________________________________________
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[80785] in North American Network Operators' Group

Malicious DNS request?

daemon@ATHENA.MIT.EDU (Joe Shen)Thu May 12 04:12:08 2005

daemon@ATHENA.MIT.EDU (Joe Shen)
Thu May 12 04:12:08 2005