Security Incidents mailing list archives

Help in flood

From: Mauro Marazzi <mauro.marazzi () netsystem com>
Date: 29 Sep 2003 15:43:15 -0000


Hello .
We have had a flood described below on a red hat 7.3 system with bind 9 (is a Dns server). Bandwidth consumption about 
30Mbps. What kind of attack is? And how to prevent it?

Regards,

Mauro Marazzi

11:25:00.017182 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017185 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017186 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017187 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017202 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017216 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017218 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017231 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017233 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017247 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017262 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017263 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017277 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017278 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017292 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017307 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)
11:25:00.017308 66.185.161.58.54407 > 212.31.242.100.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] 
[16706au][|domain] (DF)

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Current thread:

Help in flood Mauro Marazzi (Sep 29)