Date:      Tue, 6 Jun 2000 12:41:37 -0700 (PDT)
From:      "Eric J. Schwertfeger" <ejs@bfd.com>
To:        first name <ejsilver49@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: DNS DOS attack?  Probably not....
Message-ID:  <Pine.BSF.4.10.10006061237340.24919-100000@harlie.bfd.com>
In-Reply-To: <20000606190749.7705.qmail@hotmail.com>

On Tue, 6 Jun 2000, first name wrote:

> 
> I run a DNS server for a small ISP.  In the middle of the night, our DNS 
> server gets repeated requests for lookups from a small number of users.  One 
> user might generate 100 to 150 DNS requests each minute.  Others might send 
> 50 to 75 requests per minute.
> 
> There is a core group that does this every night.  And an equal number of 
> people send the repeated DNS requests off and on.  Most are forward lookups, 
> but about 25% are reverse lookups.
> 
> Any idea what the hell they are doing?  DOS?  Cracking?  Trying to keep the 
> connection nailed up?  Why would any program need to do 100 DNS lookups in a 
> minute?  Could I have set up something wrong? Can't imagine what.
> 
> Thanks for any ideas or information.


There's a batch program for analog that fills in RDNS info in web server
logs, though that doesn't explain the forward lookups.  Maybe they're
flushing sendmail queues.

No one thing answers all the questions; it may be a combination of things
done from a nightly cron job, or it might be something I haven't seen yet.



