I've been getting absolutely bombarded with DNS query frames, most of which come from commercial IPs (that are now blocked); however, I'm seeing some from what appears to be 44/8, but I suspect most of these are spoofed. There's always the chance someone's been compromised. An example from Wireshark:
72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com
I know this IP is not configured so it must be spoofed (aka: no DNS) and it doesn't appear to be alive, nor is this the only one from 44/8.
140 35.327781 44.180.172.99 44.88.0.9 DNS Standard query A ttx.www.luse8.com
595 181.341697 44.219.111.186 44.88.0.9 DNS Standard query A m.www.luse9.com
I'm sure this is a DNS worm of sorts, but it was attacking my MFNOS node (which does not even have a DNS server compiled in it) at the rate of 500,000 frames a minute. While harmless to such, it's still bandwidth used for nothing.
Has anyone seen this sort of junk DNS request before?
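
A triage sketch for captures like the one quoted above, added here as an example and not part of the original post: it parses Wireshark summary lines in the quoted layout and, per destination, tallies distinct sources, how many of them claim a 44/8 address, and how many query names and parent names are unique. The function name, field names and tolerance for a transaction ID column are assumptions; the sample input is the three lines from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Layout of the packet-list lines quoted in the post; the optional 0x....
# transaction ID is an assumption to tolerate other Wireshark exports.
LINE_RE = re.compile(
    r"^\s*\d+\s+([\d.]+)\s+(\S+)\s+(\S+)\s+DNS\s+Standard query"
    r"(?:\s+0x[0-9a-fA-F]+)?\s+(\S+)\s+(\S+)\s*$"
)
NET_44 = ipaddress.ip_network("44.0.0.0/8")  # the "44/8" of the post

# The three summary lines quoted in the post.
SAMPLE = """\
72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com
140 35.327781 44.180.172.99 44.88.0.9 DNS Standard query A ttx.www.luse8.com
595 181.341697 44.219.111.186 44.88.0.9 DNS Standard query A m.www.luse9.com
""".splitlines()


def summarize(lines):
    """Per destination: query count, sources, sources in 44/8, names, parents."""
    out = defaultdict(lambda: {"count": 0, "sources": set(), "in_44": set(),
                               "names": set(), "parents": set(), "times": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DNS query summary line
        t, src, dst, _qtype, qname = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # resolved hostname or garbage in the address column
        qname = qname.lower().rstrip(".")
        s = out[dst]
        s["count"] += 1
        s["sources"].add(src)
        if src_ip in NET_44:
            s["in_44"].add(src)
        s["names"].add(qname)
        s["parents"].add(qname.partition(".")[2])  # name minus leftmost label
        s["times"].append(float(t))
    return dict(out)


if __name__ == "__main__":
    for dst, s in summarize(SAMPLE).items():
        span = max(s["times"]) - min(s["times"])
        print(f"{dst}: {s['count']} queries over {span:.1f}s, "
              f"{len(s['sources'])} sources ({len(s['in_44'])} in 44/8), "
              f"{len(s['names'])} unique names, parents={sorted(s['parents'])}")
```

Run against a full export, a destination where nearly every query has its own source and its own never-repeated leftmost label matches the pattern in the quoted lines.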