DNS query saturating T1

Max Kipness max at assuredata.com
Fri Oct 16 20:42:48 IST 2009


Yes, 192.168.0.211 is our internal address.

I found this on the internet, and I'm not sure if it was the cause, but we
definitely had BIND 9 that was not updated to the 'P' version that fixes
this exploit. I've since updated right now, so we will see. I hope this
is it.

http://www.linux-magazine.com/Online/News/DoS-Attack-Exploit-in-BIND-9

To the others that responded, I'm hitting a few RBLs at the MTA level,
and through SpamAssassin. But I don't think it will matter how many are
being hit; you might overload your CPU or memory, but I don't think you
could ever saturate a T1 with that traffic. This was thousands or
hundreds of thousands of queries per second to some server that had
nothing to do with RBLs.

Max

> Who's 0.211? You?
> On Oct 16, 2009, at 1:41 PM, Max Kipness wrote:

> Thu Oct 15 12:00:06 2009; UDP; eth0; 43 bytes; from 192.168.0.211:57541


Thanks -

Max Kipness
AssureDATA, Inc.
Office: 214-717-4644 
Mobile: 214-417-8412
Email: max at assuredata.com

Please note my new office number above. Please use this number first
when attempting to contact me!



