Date: Mon, 16 Jan 2006 22:44:24 -0500 From: Robert Atkinson <phreaki@gmail.com> To: Steve Suhre <cheesiest@nano.net> Cc: freebsd-hackers@freebsd.org Subject: Re: Named requests filling up T1 Message-ID: <6fb2b4650601161944tce07ee1x78e2d8ea9d5982f9@mail.gmail.com> In-Reply-To: <43CC65BC.9040005@nano.net> References: <43CC59E7.6080505@nano.net> <015901c61b15$898648a0$1200a8c0@gsicomp.on.ca> <43CC65BC.9040005@nano.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Then complain to their isp. That has solved most problems for me, and in any case it'll stop or you know it's your problem and not theirs. If you can query your domain by switching your default nameservers to your machine's default NS, and not see any debug messages, you should be fine and complain away. That's only if you are using the same .host files in question, then you should have a fine test bed. Otherwise, i'd do a passive scan on their ip's and identify the OS in question, and test it before I complain. .01 cents P On 1/16/06, Steve Suhre <cheesiest@nano.net> wrote: > > >Looks like someone is spamming your DNS server with queries. > > > >Two questions: > >1) Is v.tn.co.za a domain that you are authorative for? > >2) Are you an ISP and/or is client 64.18.133.103 authorized to use your = DNS > >server? > > > >If the answer to 1) is NO, then there's no reason for these queries to b= e > >directed to your DNS server from the Internet. > >If the answer to 2) is NO, then there's no reason for these queries to b= e > >directed to your DNS server from the Internet. > > > >Source IP filtering is likely your best option, although it doesn't help > >with your T1 saturation, although it would give whoever is blasting thes= e > >queries a clue. > > > >-- > >Matt Emmerton > > > > > > > > > Thanks Matt, > > The answer to both is no. The domain doesn't resolve either > (v.tn.co.za). It looks like the source IP changes too...sigh.... I tried > a whois on the source IP and it was not found, so it may be spoofed? Or > someone has a very messed up server... > > > > > > -- > > > > Steve Suhre > steve@pasta.net > 719.439.6052 Cell > 719.632.2897 Home > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6fb2b4650601161944tce07ee1x78e2d8ea9d5982f9>