Re: [Fedora] Re: bind lame servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Andreas Bernauer wrote:

Our webserver was continously asked to deliver the very same two files
over and over again, until we blocked the requesting IP (from China).
My guess is that they just have some scripts that went berserk without
anybody watching them.
Ya think? This was after I turned the query log on - just on one IP - there were at least 9 different IPs doing the same thing:
May 24 20:35:57 trinity named[8152]: client 222.231.29.14#2872: query: beaconfunding.com IN MX + May 24 20:35:57 trinity named[8152]: client 222.231.29.14#2873: query: integrity.com IN MX + May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1606: query: mail.vacancesbleues.com IN A + May 24 20:35:57 trinity named[8152]: client 222.231.29.14#3072: query: kaplantel.net IN MX + May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1604: query: mailer.fsu.edu IN A + May 24 20:35:57 trinity named[8152]: client 222.231.29.14#1598: query: vmailhub.mclink.it IN A + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3136: query: sensus.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#1606: query: relay1.completel.fr IN A + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3240: query: dewittworld.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3744: query: profitkey.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3745: query: konya.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#3963: query: wieseusa.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4034: query: amebacctv.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4105: query: dis.ulpgc.es IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4148: query: nmrs.com IN MX + May 24 20:35:58 trinity named[8152]: client 222.231.29.14#4278: query: mail.rdu.bellsouth.net IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4469: query: excel-machine.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4487: query: osetia.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4812: query: simpson.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#4970: query: oz-ar.net IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1307: query: sixt.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query: mx7-jan.integrity.com IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1609: query: kaplantel.net.mail2.psmtp.com IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1671: query: globalctg.net IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1872: query: interverse.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1971: query: mail.sixt.com IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1988: query: alloy-welding.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query: mx8-jan.integrity.com IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1610: query: kaplantel.net.mail3.psmtp.com IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1027: query: mail2.a1mail.net IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#2150: query: rauch-ft.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1600: query: smtp3.gestion.ulpgc.es IN A + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#2173: query: jcrew.com IN MX + May 24 20:35:59 trinity named[8152]: client 222.231.29.14#1595: query: nmrs.com.s7b2.psmtp.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query: mx3c7.megamailservers.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query: kaplantel.net.mail4.psmtp.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1600: query: mx00.mail.bellsouth.net IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query: mail.alloy-welding.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query: emailscan8.mci.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#2813: query: technion.com IN MX + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query: mail.rauch-ft.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1602: query: mail.timbra.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1600: query: mx01.mail.bellsouth.net IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query: backup-mx.golden.net IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1606: query: emailscan8a.mci.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#3198: query: desert.net IN MX + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1610: query: tserver3.technion.com IN A + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#3401: query: newstatesman.co.uk IN MX + May 24 20:36:00 trinity named[8152]: client 222.231.29.14#1595: query: tao.desert.net IN A + 

--
H | It's not a bug - it's an undocumented feature.
 +--------------------------------------------------------------------
 Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx>   .   303.442.6410 x130
 IT Director / SysAdmin / Websmith             .     800.441.3873 x130
 Photo Craft Imaging                       .     3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux