Reverse lookup flood from a single host
TCPWave Customer Care
customercare at tcpwave.com
Mon Jul 18 13:45:29 UTC 2011
Can you send the process table from your system?
On Sat, 2011-07-16 at 10:06 -0400, Warren Kumari wrote:
> A related question (and apologies for the top post...)
> Does anyone know a good way to figure out the process that is making queries? Every 30 minutes or so I get 500 - 600 for around a minute for 'vimes.kumari.net', on the machine called vimes, from 127.0.0.1. I realized that I was missing this from my hosts file and so have added it, but would still like to know how to find this next time..
> There is nothing obvious in cron that fires every 30min, netstat / tcpdump, etc doesn't show anything (other than queries), I dont know what the process is, so I cannot strace it, killing random processes to see what make it stop is an option, but an annoying one...
> Any ideas?
> Warren Kumari
> Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
> On Jul 15, 2011, at 6:00 PM, Benny Pedersen <me at junc.org> wrote:
> > On Fri, 15 Jul 2011 13:24:29 -0600, Joshua Beard wrote:
> >> Is this abuse? If so, is it likely intentional?
> > 100% guess, the client ip running a mailserver ?
> > if so all is ok
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users