- Nov 15, 2008
Hello,
I have a firewall setup at home (runs m0n0wall v1.235) and I notice that one of the computers behind the firewall receives random DNS queries every 5 seconds for non-existent domain names ... like etihxdxh.com or dxiitidd.com (usually 8 letters long). I can capture these packets using Wireshark and it appears that these packets are from the router (192.168.1.1:53) to my desktop (192.168.1.198:anything). No other computers behind the same firewall (same subnet) receive these packets. Antivirus software hasn't picked up anything suspicious on this desktop. Any ideas what could be going on?
Addendum: Just wanted to add that m0n0wall is set up with DNS forwarding and I have manually entered in Level3 nameservers (4.2.2.x). My ISP is Charter and connecting to their nameservers seems to pass on even more DNS "garbage" to my computer.
