DNS requests and Bandwidth

aljuhani info at riyadmail.com
Wed May 11 18:06:10 UTC 2005


On Wed, May 11, 2005 at 20:33, Will Yardley wrote:

> If your domains aren't "mynameserver.net" or "mydomain.com", perhaps
> you'd get a more helpful response by including the actual hostnames /
> domains in question? You don't gain much by stripping this information,
> and it's much easier for people to figure out what might be going on if
> you include the actual domain(s). I'm assuming that if you're running a
> publicly accessible nameserver which is serving names for these domains,
> it's probably not sooper sekrit information.
>
> Also, if you MUST use a bogus domain, at least use a bogus domain
> reserved for that purpose (like example.com) or something ending in
> ".invalid".

First, thanks all for the prompt responses to my message.

Second, the incident actually started late 2003 and the magnitude of
DNS requests peaked our bandwidth usage to 170 GB which was
a huge increase when compared to normal average bandwidth.

Why did it happen? There was a worm that is still crawling around the
internet that sends mega emails to anyuser at mxserver.com; usually
user at mxserver.com, recipient at mxserver.com, and many others.

During 2004 the worm was still there but then it died down but
now it is up again ... so what I think is that those IPs attacking our
DNS server are actually PCs infected by that worm. It ends up as a
DoS type attack as thousands of PCs around the world are requesting DNS
records from our nameservers.

Now I changed the DNS server to a dynamic DNS provider, and I am pointing
the MX record to my home server sitting on a DSL connection which does
not annoy much bandwidth wise and I've started creating SMTP rules that
block every address except webmaster at mxserver.com and info at mxserver.com.

If you want to see the magnitude of attacks you can search google for
mxserver.com:

http://groups-beta.google.com/groups?q=%22mxserver.com%22&hl=en&lr=&sa=N&tab=wg

Once again, thanks all for your help.

-aljuhani



