Named requests filling up T1
cheesiest at nano.net
Tue Jan 17 01:37:13 PST 2006
Thanks, I think that's what I was looking for. I expect the "ISP" is in
another country somewhere and would be hard to reach, if they could be
reached at all. And it's probably a bad reference somewhere to the
server here, so shutting of recursive queries could help... If I shut
named off for an hour or two they go away, so I'm guessing the offending
server switches to the secondary and gets what it's looking for?
Mike Silbersack wrote:
>>The answer to both is no. The domain doesn't resolve either
>>(v.tn.co.za). It looks like the source IP changes too...sigh.... I tried
>>a whois on the source IP and it was not found, so it may be spoofed? Or
>>someone has a very messed up server...
>There was a thread on bugtraq about this, you're either being attacked or
>are being used to attack someone else.
>Reconfigure BIND so that it ignores recursive queries originating from
>outside your network - at least that will save your outbound bandwidth.
>Mike "Silby" Silbersack
>freebsd-hackers at freebsd.org mailing list
>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
steve at pasta.net
More information about the freebsd-hackers