Unusual IN ANY DNS Traffic

• Previous message (by thread): Unusual IN ANY DNS Traffic
• Next message (by thread): Unusual IN ANY DNS Traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 10 May 2005, Douglas E. Warner wrote:

> Since about 03:00 UTC this morning I've been seeing a huge increase in "IN
> ANY" requests for "msn.com.".  While my name servers have not seen much, if
> any, "IN ANY" queries in the past, now I'm seeing ~ 50 queries/second.  I'll
> include a tcpdump sample below.
> Actually, while I was writing this post the queries seem to have stopped
> (15:05 UTC).
> Is this typical of a botnet or some worm propogating?  Any experience in this
> type of traffic would be very much appreciated.


One thing I've noticed that likes to generate ANY queries is Qmail...

Duane W.

• Previous message (by thread): Unusual IN ANY DNS Traffic
• Next message (by thread): Unusual IN ANY DNS Traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]