Can one generalize the mitigation given above to all query types or all queries?
Am seeing peaks around 100,000 queries per hour, for several consecutive hours at a time. Thanks, Mohamed. On Tue, Sep 11, 2012 at 1:06 AM, Mohamed Lrhazi <[email protected]> wrote: > Just looked at my logs, and I am seeing the same thing, and we are > georgetown.edu > > This is a report on last 24 hours, top clients, for ANY queries: > > client,count,percent > "113.21.221.21",227099,"29.606419" > "114.141.72.36",116118,"15.138060" > "114.141.72.40",86072,"11.221026" > "113.21.221.19",62376,"8.131828" > "122.248.245.102",44656,"5.821709" > "103.22.245.55",42315,"5.516518" > "184.105.175.216",35967,"4.688942" > "100.42.234.26",23495,"3.062994" > "114.141.72.45",20165,"2.628869" > "100.42.234.51",19243,"2.508669" > "114.141.72.37",18303,"2.386124" > "113.21.221.18",16093,"2.098011" > "222.186.27.31",14600,"1.903371" > "112.90.22.66",8586,"1.119339" > "183.60.200.137",6135,"0.799807" > "122.248.233.134",3046,"0.397101" > "122.248.238.198",2929,"0.381848" > "61.160.223.25",2383,"0.310667" > "61.160.223.30",1963,"0.255912" > "61.160.223.39",1355,"0.176649" > > Thanks, > Mohamed. > On Mon, Sep 10, 2012 at 11:52 PM, Robert Schwartz <[email protected]> > wrote: >> Hi All, >> >> We run a bunch of authoritative servers and have recently observed activity >> best described in a post we found here: >> https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261 >> >> Using the iptables rules posted as a comment by Network Mouse (in the above >> post), we've been able to reduce the amount of junk being sent to the target >> host. Most of the target hosts seem to be in Asia, just like those mentioned >> in the Sans post. >> >> The question I have for you all is: Is this something affecting other >> operators? How have you been dealing with it? >> >> Thanks in advance for your feedback. >> >> -Rob >> >> >> >> >> _______________________________________________ >> dns-operations mailing list >> [email protected] >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >> dns-jobs mailing list >> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
