Excessive DNS Requests

Anderson_Ian · October 13, 2004, 6:49pm

Anyone else seeing excessive DNS requests hammering their local forwarders this evening. We’ve just taken our residence network off-line owing to the level of port 53 traffic coming from it. Can’t see anything in the usual places regarding this….

Cheers

Ian

Cliff_Albert1 · October 13, 2004, 6:54pm

I see no abnormal dns requests on our caching aswell authorative
servers.

David_A_Ulevitch · October 13, 2004, 7:08pm

Anyone else seeing excessive DNS requests hammering their local
forwarders this evening. We've just taken our residence network
off-line owing to the level of port 53 traffic coming from it. Can't
see anything in the usual places regarding this....

Things seem normal over here...

http://fiona.everybox.com/~davidu/dns1-101304-120500pdt.png
(authoritative ns)

Are the residents actually making legit DNS queries or just spewing down
port 53?

-davidu

Suresh_Ramasubraman1 · October 14, 2004, 1:38am

Have you considered zombie / trojan machines being used as spam vectors?

For example, here's a presentation at SANOG earlier this year - http://jameslick.com/zombies/Tracking%20A%20Zombie%20Army.pdf

srs