[Intrusions] DDoS - mpecllc.com - dns to web hits
David McCall
david at atgi.net
Mon Jan 24 15:14:33 GMT 2005
This morning I decided to look at what IP's were hitting our dns servers
and whether or not they were already on the untrusted list. The snapshot
from 1/6 of our dns server pool was for about 1 hour between 6am and 7am PST.
Thus far the untrusted IP table is 47,853 IP's (being blocked from the web server by SQUID).
During the hour test on 1/6 of our dns servers there were 697 queries for the domain mpecllc.com
Out of those queries there were only 68 pre-existing entries in the untrusted IP table.
./checkdns | wc -l
68
tmp/mpecllc.com # wc -l dnsHits
697 dnsHits
tmp/mpecllc.com # wc -l untrusted
47853 untrusted
I suppose I'm trying to make some meaning out of all the data that might be important to
this event.
If anyone has any other stats they would like me to collect on this let me know.
David C.McCall
UNIX Administrator
===================
EschelonTelecom
admin at atgi.net
david at atgi.net
More information about the Intrusions
mailing list