Em 26/11/2013, à(s) 00:22, Mark Andrews <[email protected]> escreveu: > > In message <[email protected]>, Dnsbed Ops writes: >> Hello, >> >> My nameservers currently have been meeting the attacks. >> All these queries are against one special domain, from the seemed fake IPs. >> And those eat up the bandwidth quickly since I run the nameservers with >> hosting servers. >> Can you help? Thanks in advance. > > The logs actually look like the queries are from recursive servers > following normal recursion looking at the mixture of flags and that > they are directed at a official server for the zone. > > ns6.cloudwebdns.com. 3600 IN A 116.251.209.248 > ns6.cloudwebdns.com. 3600 IN A 192.208.187.242 > > I suspect something is trying to detect whether there is nxdomain > redirection occuring by prepend a random string to www.byw.so.
Which follows the known Chromium (main Google Chrome component) pattern of a few random 10-character requests for every search query to make such detection. Rubens
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
