nanog mailing list archives
Re: Unusual IN ANY DNS Traffic
From: Duane Wessels <cee4 () packet-pushers com>
Date: Tue, 10 May 2005 10:14:28 -0600 (MDT)
On Tue, 10 May 2005, Douglas E. Warner wrote:
> Since about 03:00 UTC this morning I've been seeing a huge increase in "IN ANY" requests for "msn.com.". While my name servers have not seen much, if any, "IN ANY" queries in the past, now I'm seeing ~ 50 queries/second. I'll include a tcpdump sample below. Actually, while I was writing this post the queries seem to have stopped (15:05 UTC). Is this typical of a botnet or some worm propagating? Any experience in this type of traffic would be very much appreciated.
One thing I've noticed that likes to generate ANY queries is Qmail...

Duane W.