Named requests filling up T1

Robert Atkinson phreaki at gmail.com
Mon Jan 16 19:44:26 PST 2006


Then complain to their isp.

That has solved most problems for me, and in any case it'll stop or
you know it's your problem and not theirs.

If you can query your domain by switching your default nameservers to
your machine's default NS, and not see any debug messages, you should
be fine and complain away.
That's only if you are using the same .host files in question, then
you should have a fine test bed.

Otherwise, i'd do a passive scan on their ip's and identify the OS in
question, and test it before I complain.

.01 cents
P

On 1/16/06, Steve Suhre <cheesiest at nano.net> wrote:
>
> >Looks like someone is spamming your DNS server with queries.
> >
> >Two questions:
> >1) Is v.tn.co.za a domain that you are authorative for?
> >2) Are you an ISP and/or is client 64.18.133.103 authorized to use your DNS
> >server?
> >
> >If the answer to 1) is NO, then there's no reason for these queries to be
> >directed to your DNS server from the Internet.
> >If the answer to 2) is NO, then there's no reason for these queries to be
> >directed to your DNS server from the Internet.
> >
> >Source IP filtering is likely your best option, although it doesn't help
> >with your T1 saturation, although it would give whoever is blasting these
> >queries a clue.
> >
> >--
> >Matt Emmerton
> >
> >
> >
>
>
> Thanks Matt,
>
> The answer to both is no. The domain doesn't resolve either
> (v.tn.co.za). It looks like the source IP changes too...sigh.... I tried
> a whois on the source IP and it was not found, so it may be spoofed? Or
> someone has a very messed up server...
>
>
>
>
>
> --
>
>
>
> Steve Suhre
> steve at pasta.net
> 719.439.6052 Cell
> 719.632.2897 Home
>
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>


More information about the freebsd-hackers mailing list