3,000+ DNS /./ANY/ANY requests - ...resent...

fbsdq fbsdq at kuyarov.org
Sat Feb 14 20:08:54 PST 2004


Sorry about the earlier question, that was more or less just blank.... 

Hello,
  About a week ago I started noticing 3,000 or more requests coming from
several IPs for the following DNS queries:
     XX+/128.255.203.200/./ANY/ANY
     XX+/193.201.105.4/./ANY/ANY 

  Those are just two examples, but each IP (I have about 20 of them now)
creates 3,000 or more queries within several minutes.  All the queries are
exactly the same, for ./ANY/ANY... Any idea what those queries are, or what
they are trying to do?
  Also, how can I create an 'ipfw' rule to block an IP if XX amount of
connections come in within XX amount of minutes/seconds?  Right now I
manually block them, and yes, those IPs try a day or so later to DNS bomb
(?) my machine.


Thanks 

 ---Peter---
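
The per-source counting the post asks about, as an added example that is not part of the original message: it flags clients that repeat the same query more than a threshold number of times within a time window. The epoch-timestamp prefix on each line, the function names and the sample addresses are assumptions; only the `XX+/ip/name/type/class` part follows the lines quoted above.

```python
import re
from collections import defaultdict, deque

# Assumed layout: "<epoch-seconds> XX+/<client-ip>/<qname>/<qtype>/<qclass>".
# Only the XX+/... part comes from the post; the timestamp prefix is an
# assumption, and the "+" is treated as optional.
LINE_RE = re.compile(r"^(\d+)\s+XX\+?/([0-9.]+)/(\S+)/(\w+)/(\w+)\s*$")

def parse(line):
    """Return (ts, ip, qname, qtype, qclass), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, qname, qtype, qclass = m.groups()
    return int(ts), ip, qname, qtype.upper(), qclass.upper()

def find_flooders(lines, threshold, window):
    """Flag clients sending more than `threshold` identical queries in `window` seconds.

    Expects lines in time order. Returns {ip: (qname, qtype, qclass)} for the
    first query from each client that crossed the threshold.
    """
    recent = defaultdict(deque)  # (ip, query) -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip anything that is not a query log line
        ts, ip, *query = rec
        stamps = recent[(ip, tuple(query))]
        stamps.append(ts)
        while stamps and ts - stamps[0] >= window:
            stamps.popleft()  # drop entries that fell out of the window
        if len(stamps) > threshold and ip not in flagged:
            flagged[ip] = tuple(query)
    return flagged

def sample_log():
    """Constructed sample: one client repeating ./ANY/ANY, one ordinary client."""
    base = 1076817600
    lines = [f"{base + i // 10} XX+/192.0.2.10/./ANY/ANY" for i in range(300)]
    lines += [f"{base + 60 * i} XX+/198.51.100.7/www.example.org/A/IN" for i in range(5)]
    lines.sort(key=lambda l: int(l.split()[0]))
    lines.append("constructed non-query line, skipped by the parser")
    return lines

if __name__ == "__main__":
    for ip, query in find_flooders(sample_log(), threshold=100, window=60).items():
        print(ip, "/".join(query))
```

The input must be in time order. DNS over UDP does not verify source addresses, so a flagged address may be spoofed; check that before adding an ipfw deny rule for it.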

