Monday, June 03, 2013

Strange DNS Queries Generated From my Sleeping MacBook Air

This evening I noticed a handful of random DNS queries that were being generated from my network. They had an apparently random, 10-character, names such as:
I traced the queries to my MacBook Air and noticed that the requests were always made in groups of threes, and occurred about every hour or so, even when my MacBook Air (running OS X 10.8.3) was sleeping with the lid closed. I started to get worried, wondering if there was some malware that had infected my machine and was sending out requests to get commands from a master botnet server somewhere (even though they were requests for a local host).

I did a little digging and found that Chrome sends out three random HTTP HEAD queries to find out if your ISP is hijacking the "host not found" message. Since I have Power Nap enabled in OS X, every time my MacBook Air would turn on to check for updates, Chrome would make the requests. Mystery solved!

1 comment:

Post a Comment