A reverse DNS on the IP would be my first step. Then you could look up who owns that specific IP range. Sometimes large providers route a bulk of their traffic through a small external IP range (AOL comes to mind) and you could be seing a lot of individual users. That said 100qps sounds like a bug or DoS issue. I'm assuming the software reported it's current version, what version did the client report? Dumping the packet contents might also be a good idea.
Kai On 12/20/06, Jörg Jahnke <[EMAIL PROTECTED]> wrote:
Hi Kai, it were AFAIK http queries to our Product Update Service. That service can be used to check whether a new release for Sun's OpenOffice.org and StarOffice builds is available. Why there were so many queries I have no idea yet. Any hints on how to find out? Regards, Jörg Kai Backman schrieb: > On 12/19/06, Jörg Jahnke <[EMAIL PROTECTED]> wrote: >> We are trying to configure our firewall in a way that this IP address is >> going to be excluded and the service is running fine again. > > So did you figure out why this IP was sending a 100 qps to the server? > What type of queries was it? > > Kai > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Kai Backman, Software Engineer, [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
