DNS query saturating T1
max at assuredata.com
Fri Oct 16 20:42:48 IST 2009
Yes, 192.168.0.211, is our internal address.
I found this on the internet, and not sure if it was the cause, but we
definitely had Bind 9 that was not updated to the 'P' version that fixes
this exploit. I've since updated right now, so we will see. I hope this
To the others that responded, I'm hitting a few RBLs at the MTA level,
and through SpamAssassin. But I don't think it will matter how many are
being hit, you might overload your cpu or memory, but I don't think you
could ever saturate a T1 with that traffic. This was a thousands or
hundreds of thousands of queries per second to some server that had
nothing to do with RBLs.
> Who's 0.211? You?
> On Oct 16, 2009, at 1:41 PM, Max Kipness wrote:
> Thu Oct 15 12:00:06 2009; UDP; eth0; 43 bytes; from
Email: max at assuredata.com
Please note my new office number above. Please use this number first
when attempting to contact me!
More information about the MailScanner