Lame Server Flood - Suggestions?

N

niatech

Well-Known Member
Feb 20, 2005
121
0
166
Hello all,

Since about 3am this morning, one of my CPanel boxes has been getting hammered from a variety of IPs causing tones of 'lame server' entries in the logs. Now, if it was just the logs, I wouldn't care, but its driving my bandwidth up for about 15-20 minute portions, then subsiding, then starting again.

Does anyone have any suggestions on how I can minimize or stop these?

I have APF/AD/BFD running as well.

Thanks!

Ciao
 
N

niatech

Well-Known Member
Feb 20, 2005
121
0
166
Hmm,

read through the document and ended up only allowing recursion to occur from my own IPs and the attacks are back.. There are hundreds of them already in the first few minutes.

Is there a way I can tell where the request is originating (IP?)

Ciao
 
N

niatech

Well-Known Member
Feb 20, 2005
121
0
166
Seems as though they are a bunch of reverse lookups from (most likely) spoofed IPs:

here is an example

Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
Feb 19 19:39:55 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.201#53
Feb 19 19:39:56 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.202#53
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S Nameserver is Lame? Domain Management 3
C Lame DNSONLY Nameserver Domain Management 0
O Cpanel DNS and Lame Nameservers Domain Management 0
bpat1434 Nameservers reported as being "lame" Domain Management 5
B lame server errors Domain Management 0
Similar threads
Nameserver is Lame?
Lame DNSONLY Nameserver
Cpanel DNS and Lame Nameservers
Nameservers reported as being "lame"
lame server errors
Top Bottom