LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   DNS security / primary names server down after large number of requests (https://www.linuxquestions.org/questions/linux-security-4/dns-security-primary-names-server-down-after-large-number-of-requests-239866/)

rioguia 10-07-2004 11:34 AM
DNS security / primary names server down after large number of requests
 
i am running fedora core 2 with the most recent version of bind from that distro. i was troubleshooting a new firewall last night using ethereal. while i was working, my domain name server (testy.substantis.com) got hit with a huge number of requests. dnsreports shows that my primary is not answering. i have tried stopping and restarting and the service restarts without complaints. the mail server that uses this server is still up and the maillogs show that mail is being received and answered ok.

could i get some help in formulating a good search for help and the logs i would review to make an intelligent quess about what happened.

i mistakenly first posted this to networking and have asked the moderator of that forum to delete that posting.

Capt_Caveman 10-07-2004 08:01 PM
It'd being interesting to see a dump of the full packets in order to get an idea of whether they're legitimate requests or malicious, also if you could provide as much info as possible (what's the approx rate, are they coming from just 1 host, is it a local host?) it might help.

------
Moderator note: We only delete threads under extreme circumstances, so please make an effort to post in the right forum, thanks.

rioguia 10-07-2004 08:27 PM
i didn't get a text output / server won't dig zones for which it is primary
 
i didn't get a text output. the terminal was just filled with dns requests. they lasted less tha one minute. is there a log file i could submit?

in the meantime, testy.substantis.com won't resolve names for which it is the primary server. eg.
[root@testy root]# dig mrcstudio.com

; <<>> DiG 9.2.3 <<>> mrcstudio.com
;; global options: printcmd
;; connection timed out; no servers could be reached
[root@testy root]#

rioguia 10-07-2004 08:46 PM
could this be bad dns traffic?
 
could this be bad dns traffic

22 -> 192.5.6.30 DNS Standard query AAAA pagead2.googlesyndication.com
982.537261 192.5.6.30 -> 69.17.65.22 DNS Standard query response
982.547415 69.17.65.22 -> 216.239.36.10 DNS Standard query AAAA pagead2.googlesyndication.com
982.561925 216.239.36.10 -> 69.17.65.22 DNS Standard query response CNAME pagead2.google.com CNAME pagead.google.akadns.net
982.571930 69.17.65.22 -> 216.239.38.10 DNS Standard query AAAA pagead2.google.com
982.587042 216.239.38.10 -> 69.17.65.22 DNS Standard query response CNAME pagead.google.akadns.net
982.597804 69.17.65.22 -> 63.241.199.54 DNS Standard query AAAA pagead.google.akadns.net
982.640974 63.241.199.54 -> 69.17.65.22 DNS Standard query response, Format error
982.655989 69.17.65.22 -> 63.241.199.54 DNS Standard query AAAA pagead.google.akadns.net
982.700854 63.241.199.54 -> 69.17.65.22 DNS Standard query response
982.722000 69.17.65.22 -> 206.132.100.108 DNS Standard query A pagead.google.akadns.net
982.768642 69.17.65.22 -> 192.5.6.30 DNS Standard query A ad.doubleclick.net
982.783882 192.5.6.30 -> 69.17.65.22 DNS Standard query response
982.785078 206.132.100.108 -> 69.17.65.22 DNS Standard query response, Format error
982.788314 69.17.65.22 -> 216.73.86.10 DNS Standard query A ad.doubleclick.net
982.788707 69.17.65.22 -> 206.132.100.108 DNS Standard query A pagead.google.akadns.net
982.808322 216.73.86.10 -> 69.17.65.22 DNS Standard query response CNAME ad.3ad.doubleclick.net
982.813112 69.17.65.22 -> 216.73.87.10 DNS Standard query A ad.3ad.doubleclick.net
982.828448 216.73.87.10 -> 69.17.65.22 DNS Standard query response, Format error
982.830007 69.17.65.22 -> 216.73.87.10 DNS Standard query A ad.3ad.doubleclick.net
982.844526 216.73.87.10 -> 69.17.65.22 DNS Standard query response
982.850410 69.17.65.22 -> 216.73.86.12 DNS Standard query A ad.3ad.doubleclick.net
982.855328 206.132.100.108 -> 69.17.65.22 DNS Standard query response A 216.239.39.104 A 216.239.39.147 A 216.239.39.99
982.868382 216.73.86.12 -> 69.17.65.22 DNS Standard query response A 216.73.86.23
982.875478 69.17.65.22 -> 216.239.36.10 DNS Standard query PTR 147.39.239.216.in-addr.arpa
982.887080 69.17.65.22 -> 192.55.83.32 DNS Standard query PTR 23.86.73.216.in-addr.arpa
982.889085 216.239.36.10 -> 69.17.65.22 DNS Standard query response, No such name
982.909916 69.17.65.22 -> 216.239.38.10 DNS Standard query PTR 99.39.239.216.in-addr.arpa
982.923081 216.239.38.10 -> 69.17.65.22 DNS Standard query response, No such name
982.936002 69.17.65.22 -> 216.239.38.10 DNS Standard query PTR 104.39.239.216.in-addr.arpa
982.948952 216.239.38.10 -> 69.17.65.22 DNS Standard query response, No such name
982.959591 69.17.65.22 -> 216.239.39.147 TCP 32829 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
982.959866 69.17.65.22 -> 216.239.39.147 TCP 32830 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
982.971358 216.239.39.147 -> 69.17.65.22 TCP http > 32829 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460
982.971682 69.17.65.22 -> 216.239.39.147 TCP 32829 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
982.973818 216.239.39.147 -> 69.17.65.22 TCP http > 32830 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460
982.973994 69.17.65.22 -> 216.239.39.147 TCP 32830 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
982.976688 69.17.65.22 -> 216.239.39.147 HTTP GET /pagead/ads?client=ca-pub-4420048478783872&dt=1097198870744&lmt=1097198868&alternate_ad_url=http%3A%2F%2Fwww.linuxquestions.or g%2Fads%2Fgoogle_below.html&prev_fmts=468x60_as&format=728x90_as&output=html&url=http%3A%2F%2Fwww.li nuxquestions.org%2Fquestions%2Fshowthread.php%3Fs%3D%26postid%3D1221283%23post1221283&color_bg=E6E6E 6&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&u_h=76 8&u_w=1024&u_ah=719&u_aw=1024&u_cd=24&u_tz=-240&u_his=7&u_nplug=1&u_nmime=1 HTTP/1.1
982.976864 69.17.65.22 -> 216.239.39.147 HTTP GET /pagead/ads?client=ca-pub-4420048478783872&dt=1097198869603&lmt=1097198868&alternate_ad_url=http%3A%2F%2Fwww.linuxquestions.or g%2Fads%2Fgoogle_below.html&format=468x60_as&output=html&url=http%3A%2F%2Fwww.linuxquestions.org%2Fq uestions%2Fshowthread.php%3Fs%3D%26postid%3D1221283%23post1221283&color_bg=E6E6E6&color_text=000000& color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&u_h=768&u_w=1024&u_ah=719& u_aw=1024&u_cd=24&u_tz=-240&u_his=7&u_nplug=1&u_nmime=1 HTTP/1.1
983.308918 216.239.39.147 -> 69.17.65.22 HTTP HTTP/1.1 200 OK (text/html)
983.309237 69.17.65.22 -> 216.239.39.147 TCP 32829 > http [ACK] Seq=959 Ack=1431 Win=8580 Len=0
983.311680 216.239.39.147 -> 69.17.65.22 HTTP Continuation
983.311859 69.17.65.22 -> 216.239.39.147 TCP 32829 > http [ACK] Seq=959 Ack=1854 Win=11440 Len=0
983.504338 216.239.39.147 -> 69.17.65.22 HTTP HTTP/1.1 302 Found
983.504677 69.17.65.22 -> 216.239.39.147 TCP 32830 > http [ACK] Seq=979 Ack=320 Win=6432 Len=0
983.638135 69.17.65.22 -> 64.179.4.147 DNS Standard query AAAA ads.linuxquestions.org
983.696725 64.179.4.147 -> 69.17.65.22 DNS Standard query response
983.725547 69.17.65.22 -> 207.44.183.31 DNS Standard query A ads.linuxquestions.org
983.790104 207.44.183.31 -> 69.17.65.22 DNS Standard query response A 207.44.182.114
983.802611 69.17.65.22 -> 192.203.230.10 DNS Standard query PTR 114.182.44.207.in-addr.arpa
983.888171 192.203.230.10 -> 69.17.65.22 DNS Standard query response
983.890951 69.17.65.22 -> 192.55.83.32 DNS Standard query PTR 114.182.44.207.in-addr.arpa
984.888482 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
985.887872 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
986.887762 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
986.889470 69.17.65.22 -> 192.41.162.32 DNS Standard query PTR 23.86.73.216.in-addr.arpa
987.895997 69.17.65.22 -> 192.41.162.32 DNS Standard query PTR 114.182.44.207.in-addr.arpa
987.911043 65.201.175.242 -> 69.17.65.22 ICMP Destination unreachable
988.890971 69.17.65.22 -> 192.42.93.32 DNS Standard query PTR 23.86.73.216.in-addr.arpa
989.992154 69.17.65.22 -> 192.42.93.32 DNS Standard query PTR 114.182.44.207.in-addr.arpa
990.888481 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 23.86.73.216.in-addr.arpa
990.891987 69.17.65.22 -> 192.31.80.32 DNS Standard query PTR 23.86.73.216.in-addr.arpa
991.795350 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 114.182.44.207.in-addr.arpa
991.993520 69.17.65.22 -> 192.31.80.32 DNS Standard query PTR 114.182.44.207.in-addr.arpa
992.008119 65.201.175.242 -> 69.17.65.22 ICMP Destination unreachable
992.893437 69.17.65.22 -> 192.26.92.32 DNS Standard query PTR 23.86.73.216.in-addr.arpa
992.908893 192.26.92.32 -> 69.17.65.22 DNS Standard query response
992.920081 69.17.65.22 -> 216.73.85.10 DNS Standard query PTR 23.86.73.216.in-addr.arpa
992.999079 216.73.85.10 -> 69.17.65.22 DNS Standard query response PTR annyadvip1.doubleclick.net
993.995313 69.17.65.22 -> 192.26.92.32 DNS Standard query PTR 114.182.44.207.in-addr.arpa
994.010957 192.26.92.32 -> 69.17.65.22 DNS Standard query response
994.022561 69.17.65.22 -> 192.42.93.30 DNS Standard query A ns1.ev1.net
994.026511 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 ns1.ev1.net
994.036388 69.17.65.22 -> 192.42.93.30 DNS Standard query A ns2.ev1.net
994.039397 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 ns2.ev1.net
996.024118 69.17.65.22 -> 192.54.112.30 DNS Standard query A ns1.ev1.net
996.031166 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 ns1.ev1.net
996.040418 69.17.65.22 -> 192.54.112.30 DNS Standard query A ns2.ev1.net
996.041561 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 ns2.ev1.net
996.903721 69.17.65.22 -> 216.73.86.23 TCP 32831 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
996.919958 216.73.86.23 -> 69.17.65.22 TCP http > 32831 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460
996.920261 69.17.65.22 -> 216.73.86.23 TCP 32831 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
996.922499 69.17.65.22 -> 216.73.86.23 HTTP GET /adi/linuxquestions.ds/home;pos=r_home;sz=120x600;ord=1097198867 HTTP/1.1
996.963658 216.73.86.23 -> 69.17.65.22 HTTP HTTP/1.0 200 OK (text/html)
996.963950 69.17.65.22 -> 216.73.86.23 TCP 32831 > http [ACK] Seq=559 Ack=613 Win=6721 Len=0
996.988838 69.17.65.22 -> 216.73.86.23 TCP 32831 > http [FIN, ACK] Seq=559 Ack=613 Win=6721 Len=0
997.003969 216.73.86.23 -> 69.17.65.22 TCP http > 32831 [ACK] Seq=613 Ack=560 Win=16962 Len=0
997.093897 69.17.65.22 -> 216.73.81.10 DNS Standard query A m2.doubleclick.net
997.149611 216.73.81.10 -> 69.17.65.22 DNS Standard query response CNAME dclick-cname.speedera.net
997.155347 69.17.65.22 -> 192.42.93.30 DNS Standard query A dclick-cname.speedera.net
997.169527 65.201.175.250 -> 69.17.65.22 ICMP Destination unreachable
998.025769 69.17.65.22 -> 192.48.79.30 DNS Standard query A ns1.ev1.net
998.032734 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 ns1.ev1.net
998.041724 69.17.65.22 -> 192.48.79.30 DNS Standard query A ns2.ev1.net
998.042014 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 ns2.ev1.net
999.156650 69.17.65.22 -> 192.54.112.30 DNS Standard query A dclick-cname.speedera.net
1000.027502 69.17.65.22 -> 192.52.178.30 DNS Standard query A ns1.ev1.net
1000.037591 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 ns1.ev1.net
1000.044755 69.17.65.22 -> 192.52.178.30 DNS Standard query A ns2.ev1.net
1000.045055 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 ns2.ev1.net
1001.157393 69.17.65.22 -> 192.48.79.30 DNS Standard query A dclick-cname.speedera.net
1002.029709 69.17.65.22 -> 192.55.83.30 DNS Standard query A ns1.ev1.net
1002.038193 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 ns1.ev1.net
1002.046189 69.17.65.22 -> 192.55.83.30 DNS Standard query A ns2.ev1.net
1002.046460 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 ns2.ev1.net
1003.159166 69.17.65.22 -> 192.52.178.30 DNS Standard query A dclick-cname.speedera.net
1004.031004 69.17.65.22 -> 192.31.80.30 DNS Standard query A ns1.ev1.net
1004.039939 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 ns1.ev1.net
1004.047938 69.17.65.22 -> 192.31.80.30 DNS Standard query A ns2.ev1.net
1004.048210 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 ns2.ev1.net
1005.092672 69.17.65.22 -> 192.168.202.7 DNS Standard query A m2.doubleclick.net
1005.160865 69.17.65.22 -> 192.55.83.30 DNS Standard query A dclick-cname.speedera.net
1005.799461 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 114.182.44.207.in-addr.arpa
1006.032743 69.17.65.22 -> 192.12.94.30 DNS Standard query A ns1.ev1.net
1006.041683 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 ns1.ev1.net
1006.049682 69.17.65.22 -> 192.12.94.30 DNS Standard query A ns2.ev1.net
1006.050702 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 ns2.ev1.net
1007.162607 69.17.65.22 -> 192.31.80.30 DNS Standard query A dclick-cname.speedera.net
1008.039733 69.17.65.22 -> 192.41.162.30 DNS Standard query A ns1.ev1.net
1008.046368 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 ns1.ev1.net
1008.053364 69.17.65.22 -> 192.41.162.30 DNS Standard query A ns2.ev1.net
1008.053636 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 ns2.ev1.net
1009.164355 69.17.65.22 -> 192.12.94.30 DNS Standard query A dclick-cname.speedera.net
1010.041251 69.17.65.22 -> 192.5.6.30 DNS Standard query A ns1.ev1.net
1010.048191 69.17.65.22 -> 192.5.6.30 DNS Standard query A6 ns1.ev1.net
1010.058955 192.5.6.30 -> 69.17.65.22 DNS Standard query response A 216.88.76.6
1010.061906 69.17.65.22 -> 192.5.6.30 DNS Standard query A ns2.ev1.net
1010.062173 69.17.65.22 -> 192.5.6.30 DNS Standard query A6 ns2.ev1.net
1010.065354 192.5.6.30 -> 69.17.65.22 DNS Standard query response
1010.076512 69.17.65.22 -> 216.88.76.6 DNS Standard query PTR 114.182.44.207.in-addr.arpa
1010.078665 192.5.6.30 -> 69.17.65.22 DNS Standard query response A 216.88.77.7
1010.082107 192.5.6.30 -> 69.17.65.22 DNS Standard query response
1010.085531 69.17.65.22 -> 216.88.76.6 DNS Standard query A6 ns1.ev1.net
1010.093582 69.17.65.22 -> 216.88.76.6 DNS Standard query A6 ns2.ev1.net
1010.124005 216.88.76.6 -> 69.17.65.22 DNS Standard query response PTR mx.linuxquestions.org
1010.132614 216.88.76.6 -> 69.17.65.22 DNS Standard query response
1010.139593 69.17.65.22 -> 216.88.77.7 DNS Standard query AAAA ns1.ev1.net
1010.140410 216.88.76.6 -> 69.17.65.22 DNS Standard query response
1010.142827 69.17.65.22 -> 216.88.77.7 DNS Standard query AAAA ns2.ev1.net
1010.186815 216.88.77.7 -> 69.17.65.22 DNS Standard query response
1010.190260 216.88.77.7 -> 69.17.65.22 DNS Standard query response
1011.165172 69.17.65.22 -> 192.41.162.30 DNS Standard query A dclick-cname.speedera.net
1011.871673 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
1011.934394 207.44.182.114 -> 69.17.65.22 TCP http > 32832 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
1011.934744 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
1011.935912 69.17.65.22 -> 207.44.182.114 HTTP GET /adjs.php?n=234050884&what=zone:2&target=_blank&exclude=, HTTP/1.1
1012.008321 207.44.182.114 -> 69.17.65.22 TCP http > 32832 [ACK] Seq=1 Ack=411 Win=6432 Len=0
1012.022072 207.44.182.114 -> 69.17.65.22 HTTP HTTP/1.1 200 OK (application/x-javascript)
1012.022324 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [ACK] Seq=411 Ack=1332 Win=7986 Len=0
1012.059714 69.17.65.22 -> 207.44.182.114 HTTP GET /adlog.php?bannerid=12&clientid=8&zoneid=2&source=&block=0&capping=0&cb=f3b3b44e2e6f906449005cd13d331 f1d HTTP/1.1
1012.139196 207.44.182.114 -> 69.17.65.22 HTTP HTTP/1.1 200 OK (GIF89a)
1012.178674 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [ACK] Seq=884 Ack=1660 Win=7986 Len=0
1013.165863 69.17.65.22 -> 192.5.6.30 DNS Standard query A dclick-cname.speedera.net
1013.184070 192.5.6.30 -> 69.17.65.22 DNS Standard query response
1013.197608 69.17.65.22 -> 64.0.96.22 DNS Standard query A dclick-cname.speedera.net
1013.229661 64.0.96.22 -> 69.17.65.22 DNS Standard query response A 216.73.87.203 A 64.28.86.236
1013.243910 69.17.65.22 -> 192.55.83.32 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1013.959408 213.61.6.2 -> 69.17.65.22 ICMP Echo (ping) request
1013.959675 69.17.65.22 -> 213.61.6.2 ICMP Echo (ping) reply
1013.963643 216.73.87.200 -> 69.17.65.22 ICMP Echo (ping) request
1013.963858 69.17.65.22 -> 216.73.87.200 ICMP Echo (ping) reply
1013.991906 80.15.238.2 -> 69.17.65.22 ICMP Echo (ping) request
1013.992152 69.17.65.22 -> 80.15.238.2 ICMP Echo (ping) reply
1013.999791 80.15.238.66 -> 69.17.65.22 ICMP Echo (ping) request
1014.000032 69.17.65.22 -> 80.15.238.66 ICMP Echo (ping) reply
1014.027155 80.15.238.99 -> 69.17.65.22 ICMP Echo (ping) request
1014.027425 69.17.65.22 -> 80.15.238.99 ICMP Echo (ping) reply
1015.247233 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1016.247107 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1017.246562 69.17.65.22 -> 192.41.162.32 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1017.246936 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1019.303942 69.17.65.22 -> 192.42.93.32 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1021.243647 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1021.305835 69.17.65.22 -> 192.31.80.32 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1023.307602 69.17.65.22 -> 192.26.92.32 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1023.322368 192.26.92.32 -> 69.17.65.22 DNS Standard query response
1023.331250 69.17.65.22 -> 216.73.86.10 DNS Standard query PTR 203.87.73.216.in-addr.arpa
1023.350201 216.73.86.10 -> 69.17.65.22 DNS Standard query response PTR server-3.eqva.doubleclick.net
1027.283435 69.17.65.22 -> 192.55.83.32 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1027.495977 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [FIN, ACK] Seq=884 Ack=1660 Win=7986 Len=0
1027.558625 207.44.182.114 -> 69.17.65.22 TCP http > 32832 [FIN, ACK] Seq=1660 Ack=885 Win=7504 Len=0
1027.558897 69.17.65.22 -> 207.44.182.114 TCP 32832 > http [ACK] Seq=885 Ack=1661 Win=7986 Len=0
1029.284884 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1030.284289 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1031.284180 fe80::210:4bff:fe98:7459 -> ff02::1:ff00:21 ICMPv6 Neighbor solicitation
1031.291567 69.17.65.22 -> 192.41.162.32 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1033.292330 69.17.65.22 -> 192.42.93.32 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1035.322053 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1035.330764 69.17.65.22 -> 192.31.80.32 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1037.331821 69.17.65.22 -> 192.26.92.32 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1037.347577 192.26.92.32 -> 69.17.65.22 DNS Standard query response
1037.364575 69.17.65.22 -> 192.42.93.30 DNS Standard query A dns01.savvis.net
1037.370630 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 dns01.savvis.net
1037.378055 69.17.65.22 -> 192.42.93.30 DNS Standard query A dns02.savvis.net
1037.381068 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 dns02.savvis.net
1037.391782 69.17.65.22 -> 192.42.93.30 DNS Standard query A dns03.savvis.net
1037.394845 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 dns03.savvis.net
1037.398105 69.17.65.22 -> 192.42.93.30 DNS Standard query A dns04.savvis.net
1037.402720 69.17.65.22 -> 192.42.93.30 DNS Standard query A6 dns04.savvis.net
1039.366540 69.17.65.22 -> 192.54.112.30 DNS Standard query A dns01.savvis.net
1039.373569 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 dns01.savvis.net1039.380468 69.17.65.22 -> 192.54.112.30 DNS Standard query A dns02.savvis.net
1039.382452 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 dns02.savvis.net1039.393554 69.17.65.22 -> 192.54.112.30 DNS Standard query A dns03.savvis.net
1039.400405 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 dns03.savvis.net1039.400711 69.17.65.22 -> 192.54.112.30 DNS Standard query A dns04.savvis.net
1039.403447 69.17.65.22 -> 192.54.112.30 DNS Standard query A6 dns04.savvis.net1041.368275 69.17.65.22 -> 192.48.79.30 DNS Standard query A dns01.savvis.net
1041.376579 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 dns01.savvis.net
1041.383432 69.17.65.22 -> 192.48.79.30 DNS Standard query A dns02.savvis.net
1041.383734 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 dns02.savvis.net
1041.395504 69.17.65.22 -> 192.48.79.30 DNS Standard query A dns03.savvis.net
1041.402843 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 dns03.savvis.net
1041.403151 69.17.65.22 -> 192.48.79.30 DNS Standard query A dns04.savvis.net
1041.404980 69.17.65.22 -> 192.48.79.30 DNS Standard query A6 dns04.savvis.net
1043.369080 69.17.65.22 -> 192.52.178.30 DNS Standard query A dns01.savvis.net
1043.378038 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 dns01.savvis.net1043.385024 69.17.65.22 -> 192.52.178.30 DNS Standard query A dns02.savvis.net
1043.385307 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 dns02.savvis.net1043.397490 69.17.65.22 -> 192.52.178.30 DNS Standard query A dns03.savvis.net
1043.404885 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 dns03.savvis.net1043.405173 69.17.65.22 -> 192.52.178.30 DNS Standard query A dns04.savvis.net
1043.458531 69.17.65.22 -> 192.52.178.30 DNS Standard query A6 dns04.savvis.net1045.369981 69.17.65.22 -> 192.55.83.30 DNS Standard query A dns01.savvis.net
1045.379747 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 dns01.savvis.net
1045.386845 69.17.65.22 -> 192.55.83.30 DNS Standard query A dns02.savvis.net
1045.387129 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 dns02.savvis.net
1045.398792 69.17.65.22 -> 192.55.83.30 DNS Standard query A dns03.savvis.net
1045.406761 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 dns03.savvis.net
1045.407048 69.17.65.22 -> 192.55.83.30 DNS Standard query A dns04.savvis.net
1045.459767 69.17.65.22 -> 192.55.83.30 DNS Standard query A6 dns04.savvis.net
1046.669444 69.17.65.22 -> 66.187.224.4 NTP NTP
1046.711264 66.187.224.4 -> 69.17.65.22 NTP NTP
1047.371575 69.17.65.22 -> 192.31.80.30 DNS Standard query A dns01.savvis.net
1047.381536 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 dns01.savvis.net
1047.388648 69.17.65.22 -> 192.31.80.30 DNS Standard query A dns02.savvis.net
1047.390025 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 dns02.savvis.net
1047.400478 69.17.65.22 -> 192.31.80.30 DNS Standard query A dns03.savvis.net
1047.408502 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 dns03.savvis.net
1047.409896 69.17.65.22 -> 192.31.80.30 DNS Standard query A dns04.savvis.net
1047.461525 69.17.65.22 -> 192.31.80.30 DNS Standard query A6 dns04.savvis.net
1049.355984 69.17.65.22 -> 192.168.202.7 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1049.373326 69.17.65.22 -> 192.12.94.30 DNS Standard query A dns01.savvis.net
1049.385954 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 dns01.savvis.net
1049.393441 69.17.65.22 -> 192.12.94.30 DNS Standard query A dns02.savvis.net
1049.393728 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 dns02.savvis.net
1049.402237 69.17.65.22 -> 192.12.94.30 DNS Standard query A dns03.savvis.net
1049.412573 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 dns03.savvis.net
1049.412895 69.17.65.22 -> 192.12.94.30 DNS Standard query A dns04.savvis.net
1049.463244 69.17.65.22 -> 192.12.94.30 DNS Standard query A6 dns04.savvis.net
1051.375077 69.17.65.22 -> 192.41.162.30 DNS Standard query A dns01.savvis.net
1051.386998 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 dns01.savvis.net1051.395011 69.17.65.22 -> 192.41.162.30 DNS Standard query A dns02.savvis.net
1051.395300 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 dns02.savvis.net1051.405185 69.17.65.22 -> 192.41.162.30 DNS Standard query A dns03.savvis.net
1051.414018 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 dns03.savvis.net1051.414309 69.17.65.22 -> 192.41.162.30 DNS Standard query A dns04.savvis.net
1051.465003 69.17.65.22 -> 192.41.162.30 DNS Standard query A6 dns04.savvis.net1053.376819 69.17.65.22 -> 192.33.14.30 DNS Standard query A dns01.savvis.net
1053.388744 69.17.65.22 -> 192.33.14.30 DNS Standard query A6 dns01.savvis.net
1053.396753 69.17.65.22 -> 192.33.14.30 DNS Standard query A dns02.savvis.net
1053.397036 69.17.65.22 -> 192.33.14.30 DNS Standard query A6 dns02.savvis.net
1053.399287 192.33.14.30 -> 69.17.65.22 DNS Standard query response A 209.1.222.244
1053.403713 192.33.14.30 -> 69.17.65.22 DNS Standard query response
1053.410626 192.33.14.30 -> 69.17.65.22 DNS Standard query response A 209.1.222.245
1053.416838 69.17.65.22 -> 204.194.10.206 DNS Standard query A6 dns01.savvis.net
1053.417132 69.17.65.22 -> 192.33.14.30 DNS Standard query A dns03.savvis.net
1053.418010 192.33.14.30 -> 69.17.65.22 DNS Standard query response
1053.418848 69.17.65.22 -> 209.1.222.244 DNS Standard query PTR 236.86.28.64.in-addr.arpa
1053.421734 69.17.65.22 -> 192.33.14.30 DNS Standard query A6 dns03.savvis.net
1053.421998 69.17.65.22 -> 192.33.14.30 DNS Standard query A dns04.savvis.net
1053.436486 192.33.14.30 -> 69.17.65.22 DNS Standard query response A 209.1.222.246
1053.441640 209.1.222.244 -> 69.17.65.22 DNS Standard query response, No such name
1053.443617 192.33.14.30 -> 69.17.65.22 DNS Standard query response A 209.1.222.247
1053.444850 192.33.14.30 -> 69.17.65.22 DNS Standard query response
1053.451391 69.17.65.22 -> 204.194.10.206 DNS Standard query A6 dns02.savvis.net
1053.456776 69.17.65.22 -> 204.194.10.206 DNS Standard query A6 dns03.savvis.net
1053.467735 69.17.65.22 -> 192.33.14.30 DNS Standard query A6 dns04.savvis.net
1053.484279 192.33.14.30 -> 69.17.65.22 DNS Standard query response
1053.499035 69.17.65.22 -> 204.194.10.206 DNS Standard query A6 dns04.savvis.net
1053.504984 204.194.10.206 -> 69.17.65.22 DNS Standard query response
1053.515082 69.17.65.22 -> 209.16.211.42 DNS Standard query AAAA dns01.savvis.net
1053.538957 204.194.10.206 -> 69.17.65.22 DNS Standard query response

rioguia 10-08-2004 10:00 AM
changed firewall and turned of caching
 
this problem stopped by following steps suggested by a cricket liu presentaton posted online ( i limited recursion requests, etc.)

http://www.linuxsecurity.com/resourc...ame_server.pdf


All times are GMT -5. The time now is 09:59 PM.