Hello,
Since the protocol is UDP, I wouldn't be too surprised if the effective
sender is using multiple hosts to send UDP data. So in fact, what
you're doing is just fighting the symptoms and not the disease. I
have certain doubts that subxtreme.net is the real origin.
I myself am experiencing an abnormal amount of UDP Queries to this
port as well - although the rate is much lower than at your site
(about 20'000/min).
CU
Tobias
On May 30, 2008, at 6:20 PM, Marco Fretz wrote:
Hi everybody,
is there anyone else expecting massive UDP (mostly port 53) traffic from
67.228.4.81? Destinations are (possibly randomly chosen) IP addresses out of
our AS3915.
See attached netflow graph. We've now blocked the IP address and got
over 3.7 million blocks within 10 minutes.
I just wrote this issue to the corresponding abuse ([EMAIL PROTECTED]),
a provider in Brazil as I know so far.
Thanks for any feedback.
have a nice weekend, best regards
Marco
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog