[dns-operations] Odd MX queries

Vernon Schryver vjs at rhyolite.com
Mon Mar 11 20:18:42 UTC 2013


> From: Daniel Stirnimann <daniel.stirnimann at switch.ch>

> One error I made is that there are lots of different IP addresses
> sending these queries. The IP address 203.45.217.122 which I referred to
> in my original post sends about 50 qps but there are roughly 5800 other
> IPs sending this traffic as well. Some only one query within 15 minutes
> but most something between 1 qps and 40 qps.

That's interesting.

> The few IP addresses which send more than my threshold
> (response-per-second 20) are rate-limited.

That's a relief.


If I were eager to repeat the very popular error of confusing guesses
with knowledge and facts, I might expound on botnets and spam and claim
that the increase in spam backscatter in my personal mailbox and the
~7% increase in spam reported to DCC are both real and related to what
you are seeing.
http://www.rhyolite.com/dcc/graphs/?BIG=1&end=1363032000&resol=1m
http://www.rhyolite.com/dcc/graphs/?resol=1w&end=1363032000&BIG=1
http://www.rhyolite.com/dcc/graphs/?resol=1w&end=1361822400&BIG=1

However, I've learned from many years of watching others make
authoritative-sounding declarations about the what, where, why, and how of network
evil, and be immediately or sooner shown to be full of negative clues
("facts" that are false).


Vernon Schryver    vjs at rhyolite.com


