10 May
2005
10 May
'05
12:14 p.m.
On Tue, 10 May 2005, Douglas E. Warner wrote:
Since about 03:00 UTC this morning I've been seeing a huge increase in "IN ANY" requests for "msn.com.". While my name servers have not seen much, if any, "IN ANY" queries in the past, now I'm seeing ~ 50 queries/second. I'll include a tcpdump sample below. Actually, while I was writing this post the queries seem to have stopped (15:05 UTC). Is this typical of a botnet or some worm propogating? Any experience in this type of traffic would be very much appreciated.
One thing I've noticed that likes to generate ANY queries is Qmail... Duane W.