Just looked at my logs, and I am seeing the same thing, and we are georgetown.edu
This is a report on last 24 hours, top clients, for ANY queries: client,count,percent "113.21.221.21",227099,"29.606419" "114.141.72.36",116118,"15.138060" "114.141.72.40",86072,"11.221026" "113.21.221.19",62376,"8.131828" "122.248.245.102",44656,"5.821709" "103.22.245.55",42315,"5.516518" "184.105.175.216",35967,"4.688942" "100.42.234.26",23495,"3.062994" "114.141.72.45",20165,"2.628869" "100.42.234.51",19243,"2.508669" "114.141.72.37",18303,"2.386124" "113.21.221.18",16093,"2.098011" "222.186.27.31",14600,"1.903371" "112.90.22.66",8586,"1.119339" "183.60.200.137",6135,"0.799807" "122.248.233.134",3046,"0.397101" "122.248.238.198",2929,"0.381848" "61.160.223.25",2383,"0.310667" "61.160.223.30",1963,"0.255912" "61.160.223.39",1355,"0.176649" Thanks, Mohamed. On Mon, Sep 10, 2012 at 11:52 PM, Robert Schwartz <[email protected]> wrote: > Hi All, > > We run a bunch of authoritative servers and have recently observed activity > best described in a post we found here: > https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261 > > Using the iptables rules posted as a comment by Network Mouse (in the above > post), we've been able to reduce the amount of junk being sent to the target > host. Most of the target hosts seem to be in Asia, just like those mentioned > in the Sans post. > > The question I have for you all is: Is this something affecting other > operators? How have you been dealing with it? > > Thanks in advance for your feedback. > > -Rob > > > > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
