Andreas Bernauer wrote:
> Our webserver was continuously asked to deliver the very same two files
> over and over again, until we blocked the requesting IP (from China).
> My guess is that they just have some scripts that went berserk without
> anybody watching them.

Ya think? This was after I turned the query log on - just on one IP
- there were at least 9 different IPs doing the same thing:
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#2872: query:
beaconfunding.com IN MX +
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#2873: query:
integrity.com IN MX +
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1606: query:
mail.vacancesbleues.com IN A +
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#3072: query:
kaplantel.net IN MX +
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1604: query:
mailer.fsu.edu IN A +
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1598: query:
vmailhub.mclink.it IN A +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3136: query:
sensus.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#1606: query:
relay1.completel.fr IN A +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3240: query:
dewittworld.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3744: query:
profitkey.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3745: query:
konya.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3963: query:
wieseusa.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4034: query:
amebacctv.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4105: query:
dis.ulpgc.es IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4148: query:
nmrs.com IN MX +
May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4278: query:
mail.rdu.bellsouth.net IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4469: query:
excel-machine.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4487: query:
osetia.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4812: query:
simpson.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4970: query:
oz-ar.net IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1307: query:
sixt.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query:
mx7-jan.integrity.com IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1609: query:
kaplantel.net.mail2.psmtp.com IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1671: query:
globalctg.net IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1872: query:
interverse.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1971: query:
mail.sixt.com IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1988: query:
alloy-welding.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query:
mx8-jan.integrity.com IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1610: query:
kaplantel.net.mail3.psmtp.com IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1027: query:
mail2.a1mail.net IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#2150: query:
rauch-ft.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1600: query:
smtp3.gestion.ulpgc.es IN A +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#2173: query:
jcrew.com IN MX +
May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query:
nmrs.com.s7b2.psmtp.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query:
mx3c7.megamailservers.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query:
kaplantel.net.mail4.psmtp.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1600: query:
mx00.mail.bellsouth.net IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query:
mail.alloy-welding.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query:
emailscan8.mci.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#2813: query:
technion.com IN MX +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query:
mail.rauch-ft.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1602: query:
mail.timbra.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1600: query:
mx01.mail.bellsouth.net IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query:
backup-mx.golden.net IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query:
emailscan8a.mci.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#3198: query:
desert.net IN MX +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query:
tserver3.technion.com IN A +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#3401: query:
newstatesman.co.uk IN MX +
May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query:
tao.desert.net IN A +
--
H | It's not a bug - it's an undocumented feature.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130
IT Director / SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
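
Added example, not part of the original post: a per-client summary of a named query log in the layout shown above, rejoining entries that the mail client wrapped after "query:" and listing clients by query volume and share of MX lookups. The sample lines, the addresses (RFC 5737 documentation ranges) and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the log above, including the wrap
# after "query:". Addresses are RFC 5737 documentation ranges.
SAMPLE = """\
May 24 20:35:57 ns1 named[8152]: client 192.0.2.10#2872: query:
example.com IN MX +
May 24 20:35:57 ns1 named[8152]: client 192.0.2.10#2873: query:
example.net IN MX +
May 24 20:35:58 ns1 named[8152]: client 192.0.2.10#1606: query:
mail.example.com IN A +
May 24 20:35:58 ns1 named[8152]: client 192.0.2.10#3072: query:
example.org IN MX +
May 24 20:35:59 ns1 named[8152]: client 198.51.100.7#1044: query:
www.example.org IN A +
"""

STAMP = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s")
ENTRY = re.compile(r"^\w{3}\s+\d+\s+(?P<ts>[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
                   r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s+query:\s+"
                   r"(?P<name>\S+)\s+IN\s+(?P<qtype>\S+)")

def parse(text):
    """Rejoin wrapped entries, then yield (ip, hh:mm:ss, qname, qtype)."""
    joined = []
    for line in text.splitlines():
        if STAMP.match(line) or not joined:
            joined.append(line.strip())
        else:  # continuation of an entry the mail client wrapped
            joined[-1] += " " + line.strip()
    for m in filter(None, map(ENTRY.match, joined)):
        yield m["ip"], m["ts"], m["name"], m["qtype"]

def summarize(text):
    """Per client: total queries, MX share, peak queries in one second."""
    qtypes, per_sec = defaultdict(Counter), defaultdict(Counter)
    for ip, ts, _name, qtype in parse(text):
        qtypes[ip][qtype] += 1
        per_sec[ip][ts] += 1
    return {ip: {"total": sum(c.values()),
                 "mx_share": c["MX"] / sum(c.values()),
                 "peak_per_sec": max(per_sec[ip].values())}
            for ip, c in qtypes.items()}

def suspects(text, min_total=3, min_mx_share=0.5):
    """Clients at or above both thresholds (assumed values, tune locally)."""
    return sorted(ip for ip, s in summarize(text).items()
                  if s["total"] >= min_total and s["mx_share"] >= min_mx_share)
```

Run over a full query log, the per-client totals show how many distinct addresses are sending this kind of traffic before any of them is blocked.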