|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical dns hits / 212.5.128/19 going wild
I am seeing a somewhat similar problem with my name server. It is configured
not to recurse queries except for our network. Since I enabled this feature,
I noticed we receive numerous requests from unauthorized hosts. It seems all
the unauthorized queries are MX requests for AOL.COM. Here's a sample
rejection log:
25-Apr-2000 12:21:48.647 security: unapproved recursive query from
[212.5.135.39].2091 for aol.com
and below the number of his for the last 4 days. Notice the 250,000 requests
from 212.5.135.39 That's really abusive and I have blackholed 212.5.128/19
for the moment.
1424 192.92.129.3
1332 193.200.17.87
516 193.68.3.250
399 208.226.167.19
70 212.5.133.129
635 212.5.135.16
250292 212.5.135.39
57 212.5.139.65
1286 212.5.159.42
28 212.5.159.53
71 212.56.18.66
58 212.91.173.60
1992 63.192.247.53
Now I do not understand why we are getting those hits. Our nameserver
(207.153.200.35) is not an aol.com secondary and has never been.
Does anyone have a clue?
JP
Attachment:
smime.p7s
|