Random nx name queries, anyone see this before?

Alan Clegg Alan_Clegg at isc.org
Mon Dec 15 22:05:31 UTC 2008


ponga2112 at gmail.com wrote:
> I'm seeing name queries from a couple clients on the network that
> occur around every two minutes - the queries are evidently random and
> are looking for A IN records of this form, as an example:
> 
> ungzbvyf.lzghmccim
> 
> They always look like this, 8 lowercase chars, dot, then 9 lowercase
> chars - never an FQDN.
> I can't find what this might be - has anyone seen this before or have
> any ideas?

I've seen this and told a couple of people, but nobody has really shown
interest.

In addition to the regular format that you see, I've also picked up a
pattern when you start seeing the queries from multiple sources...

I'll be more than happy to start collecting data again if anyone has
interest.

AlanC
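
Added example, not part of the original thread: a Python sketch that scans resolver query logs for the name shape described in the quoted post (8 lowercase letters, a dot, 9 lowercase letters, type A) and reports which clients send it and how far apart the queries are. The log layout is an assumed BIND 9 query-log format, and the sample lines, addresses and the function name `find_random_name_clients` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Shape described in the post: 8 lowercase letters, a dot, 9 lowercase letters.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.[a-z]{9}\.?$")

# Assumed BIND 9 query-log layout; newer releases add "(name)" and "view" fields.
LOG_LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+"
    r"(?: \(\S+\))?: (?:view \S+: )?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample log lines (documentation addresses, made-up names).
SAMPLE_LOG = """\
15-Dec-2008 21:00:01.101 queries: info: client 192.0.2.10#53124: query: ungzbvyf.lzghmccim IN A +
15-Dec-2008 21:00:07.412 queries: info: client 192.0.2.20#40111: query: www.example.com IN A +
15-Dec-2008 21:02:02.090 queries: info: client 192.0.2.10#53125: query: qkdjwpzt.hbnvrmxal IN A +
15-Dec-2008 21:03:15.500 queries: info: client 192.0.2.20#40112: query: intranet.corp IN A +
15-Dec-2008 21:04:01.377 queries: info: client 192.0.2.10#53126: query: mzxoqlte.ycvbnrtws IN A +
15-Dec-2008 21:04:30.002 queries: info: client 192.0.2.30#50900: query: abcdefgh.ijklmnopq IN AAAA +
"""

def find_random_name_clients(log_text, min_hits=3):
    """Return {client: (hit_count, median_seconds_between_hits)}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["qtype"] != "A" or not RANDOM_NAME.match(m["qname"]):
            continue
        hits[m["client"]].append(datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"))
    report = {}
    for client, times in hits.items():
        if len(times) < min_hits:
            continue  # too few samples to say anything about timing
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[client] = (len(times), median(gaps))
    return report

if __name__ == "__main__":
    for client, (count, gap) in find_random_name_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} matching A queries, median gap {gap:.0f}s")
```

A median gap near 120 seconds for a client lines up with the "around every two minutes" cadence reported in the quoted post; `min_hits` keeps a single coincidental 8.9-letter lookup from being reported.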
