[nsp-sec] Excessive DNS activity for the "qq.com" Domain
John Kristoff
jtk at ultradns.net
Fri Feb 29 09:51:52 EST 2008
On Fri, 29 Feb 2008 08:40:25 -0330
"White, Gerard" <Gerard.White at aliant.ca> wrote:
> If others here were to check their DNS Infrastructure (including
> attempts at open resolver testing), do you see a rather unusual amount
> of
> activity for domains in the <*.qq.com> hierarchy?
Yes I've seen some. A and AAAA queries for various names in that zone.
Looks like mostly or entirely from various consumer-oriented addresseses
in the China region for valid names/sites in qq.com. Doesn't look abusive
from the perspective of each resolver, but certainly odd behavior.
Perhaps something broken, someone testing/researching something or
maybe it's time to fire up the conspiracy generator machine? :-)
John
More information about the nsp-security
mailing list