Reverse lookup flood from a single host

Warren Kumari warren at kumari.net
Sat Jul 16 14:06:06 UTC 2011


A related question (and apologies for the top post...)

Does anyone know a good way to figure out the process that is making queries? Every 30 minutes or so I get 500 - 600  for around a minute for 'vimes.kumari.net', on the machine called vimes, from 127.0.0.1. I realized that I was missing this from my hosts file and so have added it, but would still like to know how to find this next time..

There is nothing obvious in cron that fires every 30min; netstat / tcpdump, etc. don't show anything (other than queries). I don't know what the process is, so I cannot strace it. Killing random processes to see what makes it stop is an option, but an annoying one...

Any ideas?

Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.

On Jul 15, 2011, at 6:00 PM, Benny Pedersen <me at junc.org> wrote:

> On Fri, 15 Jul 2011 13:24:29 -0600, Joshua Beard wrote:
> 
>> Is this abuse?  If so, is it likely intentional?
> 
> 100% guess, the client IP running a mailserver?
> 
> if so all is ok
> 
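One way to approach the question asked in this message, as an added example that is not part of the original post: poll `/proc/net/udp` for sockets connected to port 53 and resolve each socket inode to its owning process. It assumes Linux on a little-endian host, IPv4 only, and a client that calls connect() on its UDP socket (unconnected sockets show a zero remote address); the function names and the sample line are constructed for illustration.

```python
import glob, os, re, socket, struct, time

# Constructed sample of /proc/net/udp: header plus one socket connected to 127.0.0.1:53.
SAMPLE = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "  45: 0100007F:D431 0100007F:0035 01 00000000:00000000 00:00000000 00000000  1000 0 12345 2 0 0\n")

def parse_proc_net_udp(text, dns_port=53):
    """Return [(local_port, remote_ip, inode)] for UDP sockets connected to dns_port."""
    hits = []
    for line in text.splitlines()[1:]:            # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        rip_hex, rport_hex = f[2].split(":")
        if int(rport_hex, 16) != dns_port:
            continue
        # Assumption: little-endian host, so the hex dword is byte-swapped.
        rip = socket.inet_ntoa(struct.pack("<I", int(rip_hex, 16)))
        hits.append((int(f[1].split(":")[1], 16), rip, int(f[9])))
    return hits

def owners(inodes):
    """Map socket inode -> (pid, cmdline) via /proc/<pid>/fd (root needed for other users)."""
    found = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if not (m and int(m.group(1)) in inodes):
                continue
            pid = fd.split("/")[2]
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue                              # process or descriptor already gone
        found[int(m.group(1))] = (int(pid), cmd)
    return found

def watch(interval=0.05):
    """Poll until interrupted, printing each new process seen talking to port 53."""
    seen = set()
    while True:
        with open("/proc/net/udp") as fh:
            hits = parse_proc_net_udp(fh.read())
        for pid, cmd in owners({h[2] for h in hits}).values():
            if (pid, cmd) not in seen:
                seen.add((pid, cmd))
                print(time.strftime("%H:%M:%S"), pid, cmd)
        time.sleep(interval)

if __name__ == "__main__":
    watch()
```

Resolver sockets are short-lived, so a poll can miss individual queries; leaving the loop running across one burst of several hundred queries gives it many chances to catch the sender.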


