Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

I had a couple others that were showing usage in the tens of thousands for the day, which I briefly considered nuking, but after I blocked this one IP the traffic dropped off so much that the other queries looked more like normal usage.  I honestly think this was either some kind of spambot, or a directed attack against my server.  The last time I saw that kind of traffic on my T2, there was clear evidence that it was related to spam runs.  Normal traffic under OpenNic should never approach enough volume to saturate a basic DSL connection (unless we grow by at least a factor of 10), so when I see something like this occur, I can only assume it is malicious traffic.


On 12/24/2010 09:26 PM, Dean Gardiner wrote:

For a minute there I thought it was my "monitor.ing" but that only does 1 request every 5th minutes.

On Dec 25, 2010 5:08 PM, "Jeff Taylor" <shdwdrgn AT sourpuss.net> wrote:
> This evening I have to block an IP address which was pulling *massive*
> amounts of queries off of ns1.co.us.dns.opennic.glue. This address was
> completely flooding my bandwidth and preventing regular traffic flow, so
> I nuked it with iptables.
>
> If 88.190.13.47 belongs to you, sorry for that but good god what were
> you doing? If there was a legitimate use for so much traffic (about
> 250,000 queries in 10-15 minutes), let me know, and we'll see if we can
> work out something.
> _______________________________________________
> discuss mailing list
> discuss AT lists.opennicproject.org
> http://lists.darkdna.net/mailman/listinfo/discuss

_______________________________________________
discuss mailing list
discuss AT lists.opennicproject.org
http://lists.darkdna.net/mailman/listinfo/discuss