DNS query saturating T1
Max Kipness
max at assuredata.com
Fri Oct 16 20:42:48 IST 2009
Yes, 192.168.0.211, is our internal address.
I found this on the internet, and not sure if it was the cause, but we
definitely had Bind 9 that was not updated to the 'P' version that fixes
this exploit. I've since updated right now, so we will see. I hope this
is it.
http://www.linux-magazine.com/Online/News/DoS-Attack-Exploit-in-BIND-9
To the others that responded, I'm hitting a few RBLs at the MTA level,
and through SpamAssassin. But I don't think it will matter how many are
being hit, you might overload your cpu or memory, but I don't think you
could ever saturate a T1 with that traffic. This was a thousands or
hundreds of thousands of queries per second to some server that had
nothing to do with RBLs.
Max
> Who's 0.211? You?
> On Oct 16, 2009, at 1:41 PM, Max Kipness wrote:
> Thu Oct 15 12:00:06 2009; UDP; eth0; 43 bytes; from
> 192.168.0.211:57541
Thanks -
Max Kipness
AssureDATA, Inc.
Office: 214-717-4644
Mobile: 214-417-8412
Email: max at assuredata.com
Please note my new office number above. Please use this number first
when attempting to contact me!
More information about the MailScanner
mailing list