dns-operations AT lists.opennicproject.org
Subject: Dns-operations mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: dns-operations AT lists.opennicproject.org
- Subject: Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours.
- Date: Sun, 21 Apr 2013 15:04:19 -0600
I am seeing the same type of traffic here from this IP block. It
appears to be querying in cycles of 1 second --- making about 50
requests for 1 second, then stopping all activity for 1 second. I am
adding this IP to my blocklist as well. If someone wants to make
commercial use of OpenNic, I see no problems with this, however they
should be running their own DNS server for this amount of traffic.
I'm pasting a small sampling of the tcpdump below for reference...
14:56:05.304385 IP 206.225.82.240.33941 > 216.87.84.211.53: 15+ A?
178.180.214.67.cbl.abuseat.org. (48)
14:56:05.305146 IP 206.225.82.240.56948 > 216.87.84.211.53: 26+ A?
178.180.214.67.dnsbl.inps.de. (46)
14:56:05.318239 IP 206.225.82.246.53393 > 216.87.84.211.53: 112+ A?
178.180.214.67.rbl-plus.mail-abuse.org. (56)
14:56:05.320892 IP 206.225.82.120.59328 > 216.87.84.211.53: 20+ A?
178.180.214.67.b.barracudacentral.org. (55)
14:56:05.326319 IP 206.225.82.120.38784 > 216.87.84.211.53: 73+ A?
178.180.214.67.xs.surbl.org. (45)
14:56:05.329781 IP 206.225.82.246.53808 > 216.87.84.211.53: 112+ A?
178.180.214.67.z.mailspike.net. (48)
14:56:05.332283 IP 206.225.82.246.57741 > 216.87.84.211.53: 119+ A?
178.180.214.67.block.dnsbl.sorbs.net. (54)
14:56:05.332997 IP 206.225.82.120.53693 > 216.87.84.211.53: 123+ A?
178.180.214.67.list.bbfh.org. (46)
14:56:05.345830 IP 206.225.82.240.38310 > 216.87.84.211.53: 94+ A?
178.180.214.67.bsb.empty.us. (45)
14:56:05.347685 IP 206.225.82.120.52860 > 216.87.84.211.53: 104+ A?
178.180.214.67.dnsrbl.swinog.ch. (49)
14:56:05.360841 IP 206.225.82.214.60666 > 216.87.84.211.53: 34+ A?
178.180.214.67.safe.dnsbl.sorbs.net. (53)
14:56:05.362052 IP 206.225.82.240.35198 > 216.87.84.211.53: 50+ A?
178.180.214.67.blacklist.sci.kun.nl. (53)
14:56:05.387914 IP 206.225.82.214.42145 > 216.87.84.211.53: 40+ A?
178.180.214.67.stale.dict.rbl.arix.com. (56)
14:56:05.390990 IP 206.225.82.240.48046 > 216.87.84.211.53: 34+ A?
178.180.214.67.relays.mail-abuse.org. (54)
14:56:05.399976 IP 206.225.82.120.33447 > 216.87.84.211.53: 84+ A?
178.180.214.67.niku.2ch.net. (45)
- [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Guillaume Parent, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Jeff Taylor, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Jeff Taylor, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Guillaume Parent, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Guillaume Parent, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Guillaume Parent, 04/21/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Jeff Taylor, 04/21/2013
- <Possible follow-up(s)>
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Kenny Taylor, 04/22/2013
- Re: [opennic-dns-operations] Banning 206.225.82.0/24 netblock for 48 hours., Jeff Taylor, 04/21/2013
Archive powered by MHonArc 2.6.19.