North American Network Operators Group


Re: Malicious DNS request?

  • From: Gadi Evron
  • Date: Thu May 12 05:45:03 2005

Joe Shen wrote:
> Hi,
> 
> In past days I noticed the nxdomain statistics in
> named.stats keep increasing. (I run it every 5 min)
> 
> By tcpdump, it's found that a remote computer keeps asking
> for addresses for records like
> 999d38e693b9e6293b450.0existence.com,
> 60d38e693b9e6293b450.0be6c1xfa.net. 
> 
> Is that a virus-affected computer? 
> 
> How could such requests be filtered, or their
> effect on the DNS server minimized?

Either this is a DDoS (woohoo!! I used the forbidden word) or you are
seeing a botnet trying to connect and putting in some smoke-screen while
at it to try and poison dns-top.

I'd suggest dropping requests for domains you don't hold.

	Gadi.
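
Added example, not part of the original thread: one way to find which clients are sending out-of-zone queries with random-looking labels like those quoted above, before deciding what to drop. The held zones, the `<client_ip> <qname>` input format, the thresholds and the sample lines are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Zones this server holds (hypothetical values for the example).
HELD_ZONES = {"example.net", "example.org"}

# Constructed sample input, one "<client_ip> <qname>" pair per line.
SAMPLE = """\
192.0.2.10 999d38e693b9e6293b450.0existence.com
192.0.2.10 60d38e693b9e6293b450.0be6c1xfa.net
192.0.2.10 a41f07c2e5b9d3368812.0existence.com
198.51.100.7 www.example.net
198.51.100.7 mail.example.org
203.0.113.5 www.example.com
"""

def in_held_zone(qname, zones=HELD_ZONES):
    """True if qname equals a held zone or is a name beneath one."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def suspicious_clients(log_text, min_queries=3, min_entropy=3.0):
    """Map client -> (out-of-zone query count, mean first-label entropy).

    A client is reported only if it sent at least min_queries out-of-zone
    queries and their first labels look random (hex strings top out at 4 bits).
    """
    out_of_zone = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        if not in_held_zone(qname):
            out_of_zone[client].append(qname.split(".")[0])
    flagged = {}
    for client, labels in out_of_zone.items():
        mean_h = sum(entropy(l) for l in labels) / len(labels)
        if len(labels) >= min_queries and mean_h >= min_entropy:
            flagged[client] = (len(labels), round(mean_h, 2))
    return flagged

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```
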