[nsp-sec] Excessive DNS activity for the "qq.com" Domain

Rob Thomas robt at cymru.com
Mon Mar 3 13:58:44 EST 2008


Hi, Gerard.

> If others here were to check their DNS Infrastructure (including
> attempts at open resolver testing), do you see a rather unusual amount
> of activity for domains in the <*.qq.com> hierarchy?

Not so much, really.  Here is what we see for 2008-01 UTC:

      26 2008-01-01
      11 2008-01-02
      12 2008-01-03
      33 2008-01-04
      47 2008-01-05
      38 2008-01-06
      19 2008-01-07
      26 2008-01-08
      50 2008-01-09
      22 2008-01-10
      48 2008-01-11
       8 2008-01-12
       7 2008-01-16
       4 2008-01-17
       6 2008-01-18
      28 2008-01-19
      29 2008-01-20
      27 2008-01-21
       2 2008-01-22
      10 2008-01-23
      18 2008-01-24
       9 2008-01-25
       4 2008-01-27
       4 2008-01-28
       1 2008-01-29

Here is what we see for 2008-02 UTC:

      11 2008-02-01
       8 2008-02-02
      10 2008-02-05
      47 2008-02-06
       5 2008-02-08
       9 2008-02-09
      19 2008-02-10
       6 2008-02-11
       2 2008-02-12
       1 2008-02-13
      44 2008-02-14
       3 2008-02-17
       4 2008-02-18
       2 2008-02-19
       2 2008-02-20
       6 2008-02-21
       1 2008-02-22
       1 2008-02-23
      31 2008-02-26
       3 2008-02-27
       1 2008-02-28
       4 2008-02-29

And for 2008-03 UTC thus far:

       3 2008-03-01
       0 2008-03-02
       2 2008-03-03

Thanks,
Rob.
-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);






