Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Sharp increase in DNS traffic.

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Sharp increase in DNS traffic.

Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] Sharp increase in DNS traffic.
  • Date: Sun, 19 Jun 2011 20:44:53 -0600
  • List-archive: <>
  • List-id: <>

An update to this... checking my own logs tonight, I see a new attack occurring. Source port is 48849, and the query info is for " IN TXT +E"

On 06/19/2011 08:28 PM, Jeff Taylor wrote:
We've had some small bits of discussion on IRC over the weekend regarding a flood of MX queries that result in errors. If you do any sort of logging on your server, see if you can pick out any trends.

One known issue to check for that might account for your sudden activity... check to see if you have large blocks of DNS activity that all come in on port 25345 and are looking for If you are seeing this, someone is trying to use your server in an attempt to DDOS the creators of BIND (don't ask why, nobody has been able to figure that out)... I have a bash script you can run in the background that will automatically add and expire iptables rules to control the flow, however it requires that you have a log file showing the offending IP addresses. Send me an email or catch me on IRC if you need to use this.

Archive powered by MHonArc 2.6.19.

Top of Page