empty DoS queries
Frank Kirschner
147859 at celebrate.de
Tue Feb 24 07:34:10 UTC 2009
10.48.0.19 is a WLAN Router with DNS Cache, WAN=> WLAN, LAN=>local
network. Normally the Router should cache all queries coming from the
LAN. I believe the PC inside the LAN has a virus or trojan and floods
the WRT router.
I have contacted the user, and after disconnecting the PC behind it, everything
is all right - crazy world.
Best regards
Frank
Mark Andrews wrote:
> I suspect you have a broken application on 10.48.0.19.
>
> Mark
>
> In message <70fo2dF49pfpU1 at mid.individual.net>, Frank Kirschner writes:
>> Hello,
>> since last night we log empty queries (approx. 4000 per second) like
>> this from a client in our LAN:
>>
>> 23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: query:
>> \(none\) IN A +
>>
>> Additionally, there are also such log entries (approx. 4000 per second):
>>
>> 23-Feb-2009 14:05:56.464 queries: info: client 10.48.0.19#2048: query:
>> luca.inetgate.net IN A +
>>
>> What could be the reasons for it? Should I investigate and limit the
>> packet flow by iptables/netfilter on port 53 of my BIND 9, actual
>> release for Centos 5.2?
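
Added example, not part of the original thread: a small Python triage script that reads query-log lines in the format quoted above and reports, per client, the peak queries per second, the number of empty-name queries and the most repeated names. The sample lines are constructed from the two entries in the post; the second client (10.48.0.7), the function names and the threshold are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout of a BIND 9 "queries" log line as quoted in the post (one entry per line).
LINE_RE = re.compile(
    r"^(?P<date>\d{2}-\w{3}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2})\.\d+ "
    r"queries: info: client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")
# Empty query name as it appears in the post, with and without the escaping.
EMPTY_NAMES = {r"\(none\)", "(none)"}

def summarize(lines):
    """Return {client_ip: {"peak_qps", "total", "empty", "top_names"}}."""
    per_second = defaultdict(Counter)  # ip -> count per one-second bucket
    names = defaultdict(Counter)       # ip -> count per query name
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a query-log entry
        per_second[m["ip"]][m["date"] + " " + m["time"]] += 1
        names[m["ip"]][m["qname"]] += 1
    return {
        ip: {"peak_qps": max(buckets.values()),
             "total": sum(buckets.values()),
             "empty": sum(n for q, n in names[ip].items() if q in EMPTY_NAMES),
             "top_names": names[ip].most_common(3)}
        for ip, buckets in per_second.items()}

def noisy_clients(report, qps_threshold):
    """Clients whose busiest one-second bucket meets the (assumed) threshold."""
    return sorted(ip for ip, r in report.items() if r["peak_qps"] >= qps_threshold)

# Constructed sample: the two entries from the post repeated, plus one normal client.
SAMPLE = (
    [r"23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: "
     r"query: \(none\) IN A +"] * 6
    + ["23-Feb-2009 13:20:15.700 queries: info: client 10.48.0.19#2048: "
       "query: luca.inetgate.net IN A +"] * 4
    + ["23-Feb-2009 13:20:15.900 queries: info: client 10.48.0.7#40000: "
       "query: www.example.com IN A +",
       "23-Feb-2009 13:20:16.100 queries: info: client 10.48.0.7#40000: "
       "query: www.example.com IN A +"])

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for ip in noisy_clients(rep, qps_threshold=5):
        print(ip, rep[ip])
```

On a live server the same functions can be fed the query log file line by line; a client dominated by one repeated name or by empty names points to a single misbehaving host rather than normal resolver load.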