DNS traffic


 
01-13-2013

Hi All,

I have just started learning Linux; I hope you can help me to block unwanted DNS traffic.

I have big spikes of traffic a few times a day. The duration is from a few minutes to two hours.

Incoming traffic is 1 mbps, outgoing is 3 mbps.

Using my friend's script I was able to get some logs. Here are two logs from today, where:
xxx.xxx.xxx.6 - my server IP (CentOS)
xxx.xxx.xxx.33 - dns server IP, same machine
xxx.xxx.xxx.200 - dns server IP, same machine
xxx.xxx.xxx.15,17,36 - web sites, same machine
xxx.xxx.xxx.5 - primary dns server IP, another machine (windows 2000)
xxx.xxx.xxx.138 - dns server IP, same windows 2000

last column - bytes
.domain - UDP port 53

Code:
5.135.210.200.45910       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.46140       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.46197       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.4621        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.46258       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.46339       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.4637        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.46476       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.46531       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.46693       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.47244       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.47472       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.47475       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.47587       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.47682       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.47881       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.48127       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.48590       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.48743       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.49110       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.49151       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.49719       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.49914       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.50054       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.50151       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.50270       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.50313       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.50385       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.50517       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.50697       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.5141        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.51580       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.51596       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.51673       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.51801       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.51870       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.51930       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.5199        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.52100       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.52612       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.52854       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.53116       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.53240       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.5331        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.53453       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.53686       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.53712       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.53764       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.53886       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.53891       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.54246       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.54274       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.54385       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.54814       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.5515        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.55254       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.55433       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.55688       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.55840       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.56114       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.56120       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.56651       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.5666        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.56756       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.56902       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.57154       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.57262       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.57281       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.57550       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.57617       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.57632       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.57766       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.58034       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.58065       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58110       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58127       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.5839        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58708       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58709       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.58716       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58750       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.58754       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.58865       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.59157       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59183       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59255       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59256       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.59481       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59555       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59569       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59936       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.5995        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59990       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.59996       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.60050       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.60204       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.60354       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.60475       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.60582       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.60747       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.60755       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.60879       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.61096       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.61449       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.61863       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.61989       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.62511       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.62642       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.62985       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.63072       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.63391       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.63682       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.63952       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.64093       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.64316       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.64430       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.64432       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.64982       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.65044       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.65054       <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.65394       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.65532       <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.6811        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.7106        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.7359        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.7414        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.8094        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.8337        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.8522        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.858         <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.8657        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.8714        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.8877        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.8919        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.9270        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.9442        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.9716        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.9847        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.9882        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.9941        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.amiganetfs  <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.asf-rmcp    <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.bootclient  <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.caerpc      <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.continuus   <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.cvc_hostd   <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.dmdocbroker <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.dnc-port    <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.fjitsuappmgr <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.ipx         <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.miva-mqs    <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.mon         <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.mortgageware <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.mpidcagt    <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.nirp        <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.omnisky     <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.openmail    <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.opentable   <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.silkp1      <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.stss        <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.sun-lm      <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.tag-ups-1   <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.tcoaddressbook <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.tn-tl-fd2   <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.tproxy      <-> xxx.xxx.xxx.36.domain            37
5.135.210.200.traversal   <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.udt_os      <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.urm         <-> xxx.xxx.xxx.33.domain            37
5.135.210.200.wv-csp-sms  <-> xxx.xxx.xxx.33.domain            37
xxx.xxx.xxx.138.domain     <-> xxx.xxx.xxx.6.58391              44
xxx.xxx.xxx.5.domain       <-> xxx.xxx.xxx.6.37696              44
xxx.xxx.xxx.5.domain       <-> xxx.xxx.xxx.6.49893              44
xxx.xxx.xxx.6.49196        <-> xxx.xxx.xxx.138.domain           44
xxx.xxx.xxx.6.32851        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.32864        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.33342        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33659        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.34117        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.34142        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.34714        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.35000        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.35210        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.35687        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.37504        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.38508        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.39283        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.40018        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.40346        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.40373        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.40574        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.41198        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.41234        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.42900        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43053        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.43793        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.43803        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.43835        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44115        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44176        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.44457        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44718        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.45222        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.46090        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47505        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.48084        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.48126        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.48292        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.48323        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49026        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49123        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.50220        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.50716        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.50920        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51035        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51116        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.51241        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51734        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.52858        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.53371        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.53596        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.53993        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.54240        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55622        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55658        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.56950        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.58775        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.59140        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.59572        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.59767        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.59893        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.200.domain     <-> 93.170.127.93.25345           1080
93.170.127.93.25345       <-> xxx.xxx.xxx.15.domain          1080
93.170.127.93.25345       <-> xxx.xxx.xxx.36.domain          1080
93.170.127.93.25345       <-> xxx.xxx.xxx.6.domain           1080
93.170.127.93.25345       <-> xxx.xxx.xxx.17.domain          1440
93.170.127.93.25345       <-> xxx.xxx.xxx.33.domain          1440
194.8.74.187.25345        <-> xxx.xxx.xxx.33.domain          1800
xxx.xxx.xxx.17.domain      <-> 194.8.74.187.25345            1800
xxx.xxx.xxx.200.domain     <-> 93.170.127.33.25345           1872
93.170.127.33.25345       <-> xxx.xxx.xxx.15.domain          1872
93.170.127.33.25345       <-> xxx.xxx.xxx.17.domain          1872
93.170.127.33.25345       <-> xxx.xxx.xxx.33.domain          1872
93.170.127.33.25345       <-> xxx.xxx.xxx.36.domain          1872
93.170.127.33.25345       <-> xxx.xxx.xxx.6.domain           1872



xxx.xxx.xxx.6.40709        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.41126        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.41954        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.42057        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.42248        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.42293        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.42324        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.42619        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.43728        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.44049        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.44086        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.44292        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.4516         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.45486        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.47189        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.47396        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.48334        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.4836         <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.48479        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.48723        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.49408        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.49722        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.49908        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.51075        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.51482        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.5157         <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.52151        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.52945        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.53189        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.53424        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.54083        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.54275        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.5485         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.54967        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.55679        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.56841        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.57198        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.57276        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.57348        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.57529        <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.57778        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.5801         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.58805        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.58840        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.59044        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.59654        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.59932        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.60340        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.60790        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.60936        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.61245        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.61304        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.62038        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.62708        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.63343        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.63618        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.64155        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.64266        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.64369        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.64622        <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.65299        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.6735         <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.7924         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.8303         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.8465         <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.agri-gateway <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.aol          <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.cadabra-lm   <-> 199.6.1.30.domain               36
xxx.xxx.xxx.6.calltrax     <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.candp        <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.cmmdriver    <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.cslistener   <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.esmmanager   <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.fryeserv     <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.lcm-server   <-> 199.6.0.30.domain               36
xxx.xxx.xxx.6.mps-raft     <-> 149.20.64.3.domain              36
xxx.xxx.xxx.6.pmcp         <-> 199.254.63.254.domain           36
xxx.xxx.xxx.6.ttg-protocol <-> 149.20.64.3.domain              36
xxx.xxx.xxx.138.domain     <-> xxx.xxx.xxx.6.36117              44
xxx.xxx.xxx.6.32971        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.32998        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33067        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33080        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33110        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33114        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.33164        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33382        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33644        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.33855        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.34031        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.34358        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.34404        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.34681        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.34996        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.35256        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.35446        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.35832        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.36260        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.36527        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.36688        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.36954        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.37167        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.37230        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.37235        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.37495        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.37832        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.38063        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.38121        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.38340        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.38777        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.39112        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.39139        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.39222        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.40281        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.40756        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.40839        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.40855        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.41045        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.41161        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.41370        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.42284        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.42431        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.42738        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.42855        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43181        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43277        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43431        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.43467        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43757        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43825        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.43827        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.43923        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44049        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.44125        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44173        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.44262        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44396        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44410        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44495        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.44619        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.45006        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.45131        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.45147        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.45456        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.45797        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.45894        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.45932        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.46199        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.46212        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.46583        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.46594        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.46690        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.46693        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.46723        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.46728        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47188        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47325        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47346        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47678        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.47712        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.47911        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.48368        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.48411        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.48738        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.48822        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.49161        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49163        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.49164        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49204        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.49398        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.49433        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49622        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.49665        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.49667        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.50245        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.50424        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.50694        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.50763        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.50867        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51258        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.51319        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.51643        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51811        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.51952        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.52085        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.52164        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.52185        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.52270        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.52305        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.52411        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.52690        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.52754        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.52881        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.53261        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.53306        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.53486        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.53625        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.53722        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.54501        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.54947        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55391        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.55402        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.55537        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55548        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55550        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55665        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55710        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.55717        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.55859        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.55944        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.56017        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.56155        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.56192        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.56290        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.56962        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.57023        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.57368        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.57388        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.57537        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.57627        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.57871        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.58050        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.58118        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.58282        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.58460        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.58725        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.58847        <-> xxx.xxx.xxx.5.domain             88
xxx.xxx.xxx.6.59659        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.60472        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.60503        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.60557        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.60620        <-> xxx.xxx.xxx.138.domain           88
xxx.xxx.xxx.6.60640        <-> xxx.xxx.xxx.138.domain           88
72.46.153.26.41055        <-> xxx.xxx.xxx.36.http             105
xxx.xxx.xxx.6.44193        <-> xxx.xxx.xxx.5.domain            116
194.8.74.187.25345        <-> xxx.xxx.xxx.17.domain          4536
194.8.74.187.25345        <-> xxx.xxx.xxx.33.domain          4536
93.170.127.33.25345       <-> xxx.xxx.xxx.15.domain          5508
93.170.127.33.25345       <-> xxx.xxx.xxx.17.domain          5508
93.170.127.33.25345       <-> xxx.xxx.xxx.200.domain         5508
93.170.127.33.25345       <-> xxx.xxx.xxx.33.domain          5508
93.170.127.33.25345       <-> xxx.xxx.xxx.36.domain          5508
93.170.127.33.25345       <-> xxx.xxx.xxx.6.domain           5508
220.181.108.168.29441     <-> xxx.xxx.xxx.17.http           10403

I think I need to add rules to iptables to block this traffic.

Please help. Thanks a lot!

OlegE

---------- Post updated at 06:15 PM ---------- Previous update was at 02:31 PM ----------

Here is more information.

We found this article about a flood of DNS ANY requests: (oh, I cannot post URLs - if you search Google for "DNS ANY Request Cannon - Need More Packets" it will be first in the search results)

According to this article we set up the following rules in iptables:
Code:
-A PUB_IN -p udp -m udp --dport 53 -m string --hex-string "|0000ff0001|" --algo bm --from 50 --to 65535 -m recent --set --name dnsanyquery --rsource
-A PUB_IN -p udp -m udp --dport 53 -m string --hex-string "|0000ff0001|" --algo bm --from 50 --to 65535 -m recent --rcheck --seconds 60 --hitcount 3 --name dnsanyquery --rsource -j DROP

It did not help much if at all.

Any help would be highly appreciated!

OlegE
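
A check of where the `|0000ff0001|` pattern from the rules above sits inside an ANY query, as an added example that is not from the post or the article it mentions. It assumes the string match counts `--from`/`--to` offsets from the start of an IPv4 header without options; the sample names and helper functions are constructed for illustration.

```python
import struct

# Pattern from the rules above: root-label terminator, QTYPE ANY (255), QCLASS IN (1).
PATTERN = bytes.fromhex("0000ff0001")
# Assumption: offsets start at the IP header; IPv4 without options (20) + UDP header (8).
IP_UDP_HEADERS = 20 + 8
# Constructed sample query names (reserved example/test domains and the root).
SAMPLE_NAMES = [".", "a.test", "ab.example", "example.com", "www.example.com"]


def encode_qname(name):
    """Encode a domain name as DNS labels, ending with the zero-length root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def any_query(name, txid=0x1234):
    """DNS payload of an ANY/IN query for `name`: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 255, 1)


def pattern_offset(name):
    """Byte offset of PATTERN, counted from the start of the IP header."""
    return IP_UDP_HEADERS + any_query(name).index(PATTERN)


def rule_sees(name, start=50, end=65535):
    """True if the whole pattern lies inside the --from/--to search window."""
    off = pattern_offset(name)
    return start <= off and off + len(PATTERN) <= end


def report(names, start=50):
    """Map each name to (pattern offset, whether the window covers it)."""
    return {n: (pattern_offset(n), rule_sees(n, start)) for n in names}


if __name__ == "__main__":
    for name, (off, seen) in report(SAMPLE_NAMES).items():
        print(f"{name:<16} pattern at byte {off:>3}  inside --from 50 window: {seen}")
```

Under that assumption, ANY queries whose encoded name is shorter than 11 bytes, including the root name, put the pattern before byte 50, so the rules never count them. Starting the window at byte 40 covers every query name.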
# 2  
Old 01-17-2013
This might help you - nscd(8): name service cache daemon - Linux man page

You should have the nscd daemon running. It kind of looks like this is not the case.
It caches DNS information, which would reduce your outbound DNS requests.

Next: should you be on a separate subnet behind a router? Sounds like that might be part of the issue. I don't get why foreign DNS requests appear to be going through your box.