From: Ronan Lucio (ronan_at_melim.com.br)
Date: Tue Jan 21 2003 - 13:24:31 CST
> This is not a ping flood, as others have reported. ICMP unreach packets
> are sent in response to incoming UDP packets to a port which has no
> service running on it.
>
> Here's what's happening:
>
> 1. BIND crashes.
> 2. DNS requests keep coming in, at a rate of 231 per second.
> 3. FreeBSD limits the number of icmp unreach responses, and tells you.
> 4. You restart BIND, and messages go away.
>
> I can't answer why step #1 occurred, but I can assure you that #2 through
> #4 are natural results of #1, and are nothing to worry about.
I think a good solution is to install a DJB DNS Cache and leave it
just to answer DNS queries.
The dnscache machine could even point to a DNS Server running
Bind9.
Ronan
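
The sequence described in the quoted message, as an added example that is not part of the original thread: a Python sketch that groups the kernel's ICMP unreach rate-limit messages into time windows, so each window can be matched against a period when BIND was not listening. The log lines are constructed, and the message wording, host name and the limit of 200 packets per second are assumptions about the host's kernel and sysctl settings.

```python
import re
from datetime import datetime, timedelta

# Assumed wording of the FreeBSD kernel message; both the
# "packets per second" and "packets/sec" spellings are accepted.
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /?kernel: "
    r"Limiting icmp unreach response from (?P<seen>\d+) to (?P<cap>\d+) "
    r"packets(?: per second|/sec)"
)

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Jan 21 13:02:10 ns1 named[211]: exiting (due to fatal error)
Jan 21 13:02:11 ns1 /kernel: Limiting icmp unreach response from 231 to 200 packets per second
Jan 21 13:02:12 ns1 /kernel: Limiting icmp unreach response from 229 to 200 packets per second
Jan 21 13:02:13 ns1 /kernel: Limiting icmp unreach response from 233 to 200 packets per second
Jan 21 13:09:40 ns1 /kernel: Limiting icmp unreach response from 204 to 200 packets/sec
"""

def parse_events(text, year=2003):
    """Return (timestamp, packets_seen, limit) for each rate-limit line."""
    events = []
    for line in text.splitlines():
        m = LIMIT_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m["seen"]), int(m["cap"])))
    return events

def outage_windows(events, max_gap=timedelta(seconds=5)):
    """Merge messages at most max_gap apart into one window each."""
    windows = []
    for ts, seen, _cap in events:
        if windows and ts - windows[-1]["end"] <= max_gap:
            w = windows[-1]
            w["end"], w["count"] = ts, w["count"] + 1
            w["peak"] = max(w["peak"], seen)
        else:
            windows.append({"start": ts, "end": ts, "peak": seen, "count": 1})
    return windows

if __name__ == "__main__":
    for w in outage_windows(parse_events(SAMPLE_LOG)):
        print(w["start"], "to", w["end"], "peak", w["peak"], "msgs", w["count"])
```

A window that begins right after the resolver exits and ends when it is restarted fits steps 1 through 4 of the quoted explanation.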