[74784] in North American Network Operators' Group
Re: Excessive DNS Requests
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Oct 13 21:39:04 2004
Date: Thu, 14 Oct 2004 02:38:28 +0100 (BST)
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: "Anderson, Ian" <i.anderson@lancaster.ac.uk>
Cc: nanog@merit.edu
In-Reply-To: <7F332A8009EE5D4CB62C87717A3498A10908D447@exchange-be1.lancs.ac.uk>
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 13 Oct 2004, Anderson, Ian wrote:
> Anyone else seeing excessive DNS requests hammering their local
> forwarders this evening? We've just taken our residence network
> off-line owing to the level of port 53 traffic coming from it. Can't
> see anything in the usual places regarding this....

Have you considered zombie / trojan machines being used as spam vectors?

For example, here's a presentation at SANOG earlier this year -
http://jameslick.com/zombies/Tracking%20A%20Zombie%20Army.pdf

srs