Anyone else seeing excessive DNS requests hammering their local forwarders this evening. We’ve just taken our residence network off-line owing to the level of port 53 traffic coming from it. Can’t see anything in the usual places regarding this….
Cheers
Ian
I see no abnormal dns requests on our caching aswell authorative
servers.
<quote who="Anderson, Ian">
Anyone else seeing excessive DNS requests hammering their local
forwarders this evening. We've just taken our residence network
off-line owing to the level of port 53 traffic coming from it. Can't
see anything in the usual places regarding this....
Things seem normal over here...
http://fiona.everybox.com/~davidu/dns1-101304-120500pdt.png
(authoritative ns)
Are the residents actually making legit DNS queries or just spewing down
port 53?
-davidu
Have you considered zombie / trojan machines being used as spam vectors?
For example, here's a presentation at SANOG earlier this year - http://jameslick.com/zombies/Tracking%20A%20Zombie%20Army.pdf
srs