From owner-freebsd-questions Tue Jun 6 12: 7:51 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hotmail.com (f147.law9.hotmail.com [64.4.9.147]) by hub.freebsd.org (Postfix) with SMTP id 69BB737B544 for ; Tue, 6 Jun 2000 12:07:49 -0700 (PDT) (envelope-from ejsilver49@hotmail.com) Received: (qmail 7706 invoked by uid 0); 6 Jun 2000 19:07:49 -0000 Message-ID: <20000606190749.7705.qmail@hotmail.com> Received: from 166.117.12.8 by www.hotmail.com with HTTP; Tue, 06 Jun 2000 12:07:49 PDT X-Originating-IP: [166.117.12.8] From: "first name" To: freebsd-questions@freebsd.org Subject: DNS DOS attack? Probably not.... Date: Tue, 06 Jun 2000 15:07:49 EDT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I run a DNS server for a small ISP. In the middle of the night, our DNS server gets repeated requests for lookups from a small number of users. One user might generate 100 to 150 DNS requests each minute. Others might send 50 to 75 requests per minute. There is a core group that does this every night. And an equal number of people send the repeated DNS requests off and on. Most are forward lookups, but about 25% are reverse lookups. Any idea what the hell they are doing? DOS? Cracking? Trying to keep the connection nailed up? Why would any program need to do 100 DNS lookups in a minute? Could I have set up something wrong? Can't imagine what. Thanks for any ideas or information. EJ ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message