From: Robert Atkinson
To: Steve Suhre
Cc: freebsd-hackers@freebsd.org
Date: Mon, 16 Jan 2006 22:44:24 -0500
Subject: Re: Named requests filling up T1

Then complain to their ISP. That has solved most problems for me, and in
any case it'll stop or you know it's your problem and not theirs. If you
can query your domain by switching your default nameservers to your
machine's default NS, and not see any debug messages, you should be fine
and complain away. That's only if you are using the same .host files in
question, then you should have a fine test bed. Otherwise, I'd do a
passive scan on their IPs and identify the OS in question, and test it
before I complain.

.01 cents

P

On 1/16/06, Steve Suhre wrote:
>
> >Looks like someone is spamming your DNS server with queries.
> >
> >Two questions:
> >1) Is v.tn.co.za a domain that you are authoritative for?
> >2) Are you an ISP and/or is client 64.18.133.103 authorized to use your DNS
> >server?
> >
> >If the answer to 1) is NO, then there's no reason for these queries to be
> >directed to your DNS server from the Internet.
> >If the answer to 2) is NO, then there's no reason for these queries to be
> >directed to your DNS server from the Internet.
> >
> >Source IP filtering is likely your best option, although it doesn't help
> >with your T1 saturation, although it would give whoever is blasting these
> >queries a clue.
> >
> >--
> >Matt Emmerton
> >
>
> Thanks Matt,
>
> The answer to both is no. The domain doesn't resolve either
> (v.tn.co.za). It looks like the source IP changes too...sigh.... I tried
> a whois on the source IP and it was not found, so it may be spoofed? Or
> someone has a very messed up server...
>
> --
>
> Steve Suhre
> steve@pasta.net
> 719.439.6052 Cell
> 719.632.2897 Home