[44net] anyone seeing these?

I've been getting absolutely bombarded with dns query frames most of which come from commercial IPs (that are now blocked) however I'm seeing some from what appears to be 44/8, but I suspect most of these are spoofed. There's always the chance someone's been compromised. An example from wireshark: 72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com I know this IP is not configured so it must be spoofed (aka: no DNS) and it doesn't appear to be alive, nor is this the only one from 44/8. 140 35.327781 44.180.172.99 44.88.0.9 DNS Standard query A ttx.www.luse8.com 595 181.341697 44.219.111.186 44.88.0.9 DNS Standard query A m.www.luse9.com I'm sure this is a DNS worm of sorts but it was attacking my MFNOS node (which does not even have a dns server compiled in it) at the rate of 500,000 frames a minute. While harmless to such, it's still bandwidth used for nothing. Has anyone seen these sort of junk dns requests before? -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.