possible dos on dns attack ??? (tinydns)

Barry Margolin barmar at alum.mit.edu
Fri May 13 00:50:33 UTC 2005


In article <d6043p$9c5$1 at sf1.isc.org>, "Piotrek" <bombel1 at tenbit.pl> 
wrote:

> Hi everyone,
> lately I have been experiencing huge traffic on my server's NIC. I use Debian, tinydns,
> dnscache. There are only 3 domains in my DNS; address 10.0.0.2 is the
> address of my firewall. Here is the output from iptraf (just a small part):
> Thu May  5 12:21:19 2005; UDP; eth0; 56 bytes; from 10.0.0.2:11803 to
> 200.130.31.5:domain
> Thu May  5 12:21:19 2005; UDP; eth0; 65 bytes; from 10.0.0.2:27725 to
> 192.36.148.17:domain
> Thu May  5 12:21:19 2005; UDP; eth0; 253 bytes; from 192.5.6.30:domain to
> 10.0.0.2:5178
> Thu May  5 12:21:19 2005; ICMP; eth0; 281 bytes; from 10.0.0.2 to
> 192.5.6.30; dest unrch (port)
> Thu May  5 12:21:19 2005; UDP; eth0; 393 bytes; from 192.42.93.32:domain to
> 10.0.0.2:56754

Without seeing the contents of these DNS packets, it's impossible to 
tell whether they're reasonable or some kind of attack.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***



More information about the bind-users mailing list