12 May
2005
12 May
'05
4:41 a.m.
Joe Shen wrote:
Hi,
In past days I noticed the nxdomain statistics in named.stats keeps increasing.( I run it every 5 min)
By tcpdump, it's found a remote computer keep asking address for record like 999d38e693b9e6293b450.0existence.com, 60d38e693b9e6293b450.0be6c1xfa.net.
is that a virus affacted computer?
How could such request be filtered or minimize its affaction on DNS server?
Either this is a DDoS (woohoo!! I used the forbidden word) or you are seeing a botnet trying to connect and putting in some smoke-screen while at it to try and poison dns-top. I'd suggest dropping requests for domains you don't hold. Gadi.