Possible DDoS?

Manson, John John.Manson at mail.house.gov
Wed Oct 17 18:17:42 UTC 2012


>From time to time I notice a large number of queries like these to one of my external dns servers:

14:14:40.01407 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.01529 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.03688 121.10.105.66 -> 143.231.1.67 DNS C house.gov. Internet * ?
14:14:40.06047 121.10.105.66 -> 143.231.1.67 DNS C house.gov. Internet * ?
14:14:40.08370 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.11990 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.17595 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.17732 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.17782 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.19381 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.20723 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.21655 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.21857 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.22005 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.23128 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.23353 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.24827 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.25276 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.26750 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.26775 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.26787 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.26837 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.26937 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.27911 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.28023 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.30558 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.30562 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.33555 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.35478 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.36840 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.37102 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.37526 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.44820 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.48304 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.49140 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.49765 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.50189 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.53498 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.53885 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.56207 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.57419 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.59804 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.64661 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.65460 121.10.105.66 -> 143.231.1.67 DNS C houselive.gov. Internet * ?
14:14:40.66985 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.67022 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.69244 121.10.105.66 -> 143.231.1.67 DNS C houselive.gov. Internet * ?
14:14:40.70905 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.72203 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.72702 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.74125 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.74662 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.76813 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.77012 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.77150 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.77250 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.77624 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.78025 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.79958 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.80271 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.81845 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.82319 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.82321 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.82968 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.84142 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.84331 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.85053 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.85078 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.85254 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.85828 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.85840 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.86314 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.86377 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.89349 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.90898 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.91273 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.91961 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.92223 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.95507 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?
14:14:40.98355 121.10.105.66 -> 143.231.1.67 DNS C houselive.gov. Internet * ?
14:14:40.98668 121.10.105.66 -> 143.231.1.67 DNS C gop.gov. Internet * ?
14:14:40.99417 121.10.105.66 -> 143.231.1.67 DNS C speaker.gov. Internet * ?

Does this rise to the level of a DDoS attack?
No NS record for this IP.
I blackhole IPs that behave like this.
Thanks

John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 | john.manson at mail.house.gov




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121017/a69b645e/attachment.html>


More information about the bind-users mailing list