Date: Sat, 14 Feb 2004 21:03:14 -0700 From: "fbsdq" <fbsdq@kuyarov.org> To: freebsd-questions@freebsd.org Subject: 3,000+ DNS /./ANY/ANY requests - ...resent... Message-ID: <200402150403.i1F43E9s003486@saexchange.toneisp.com>
next in thread | raw e-mail | index | archive | help
Sorry about the earlier question, that was more or less just blank....
Hello,
About a week ago I started noticing 3,000 or more requests coming from
several ips for the following DNS queries:
XX+/128.255.203.200/./ANY/ANY
XX+/193.201.105.4/./ANY/ANY
Those are just two examples, but each IP - I have about 20 of them now
create 3,000 or more queries within several minutes. All the queries are
exactly the same for ./ANY/ANY.....any idea what those queries are? or what
they are trying to do?
Also how can I create an 'ipfw' rule to block an ip if XX amount of
connections come in within XX amount of minutes/seconds?? Right now I
manually block them, and yes those IP's try a day or so later to DNS bomb
(?) my machine.
Thanks
---Peter---
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402150403.i1F43E9s003486>