[dns-operations] Vodafone AS25135 sending 3k req/s to AS112
Alarig Le Lay
alarig at swordarmor.fr
Wed Jul 13 17:36:52 UTC 2022
Hello,
Vodafone is sending 3k req/s (~10Mbps) of DNS garbage to my AS112 node
from 88.82.0.0/19
If someone knows somebody there, could you please tell them to fix their
resolvers?
Here is what I’m seeing right now:
[root at as112 ~]# time tcpdump -ni vtnet1 -c 20 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:33:42.811147 IP 88.82.13.11.54217 > 192.175.48.6.53: Flags [S], seq 39814353, win 29200, options [mss 1436,sackOK,TS val 2616906492 ecr 0,nop,wscale 8], length 0
19:33:42.811170 IP 88.82.13.27.34687 > 192.175.48.6.53: Flags [.], ack 1854115208, win 119, options [nop,nop,TS val 2616913819 ecr 3702446245], length 0
19:33:42.811183 IP 88.82.13.10.58825 > 192.175.48.42.53: Flags [F.], seq 3926102883, ack 2182550963, win 119, options [nop,nop,TS val 2625279810 ecr 3153170801], length 0
19:33:42.811196 IP 88.82.13.26.57233 > 192.175.48.6.53: Flags [.], ack 1828208115, win 115, options [nop,nop,TS val 2625275865 ecr 1865700866], length 0
19:33:42.811213 IP 88.82.10.218.49421 > 192.175.48.42.53: Flags [.], ack 2894862899, win 115, options [nop,nop,TS val 2625267389 ecr 209062963], length 0
19:33:42.811356 IP 88.82.13.26.57233 > 192.175.48.6.53: Flags [P.], seq 0:73, ack 1, win 115, options [nop,nop,TS val 2625275865 ecr 1865700866], length 73 42133% [1au] PTR? lb._dns-sd._udp.190.89.235.10.in-addr.arpa. (71)
19:33:42.811364 IP 88.82.10.218.49421 > 192.175.48.42.53: Flags [P.], seq 0:74, ack 1, win 115, options [nop,nop,TS val 2625267389 ecr 209062963], length 74 9544% [1au] PTR? lb._dns-sd._udp.176.163.204.10.in-addr.arpa. (72)
19:33:42.811472 IP 88.82.13.10.56867 > 192.175.48.42.53: Flags [.], ack 780117169, win 115, options [nop,nop,TS val 2625279810 ecr 2484585847], length 0
19:33:42.811495 IP 88.82.13.10.56867 > 192.175.48.42.53: Flags [P.], seq 0:55, ack 1, win 115, options [nop,nop,TS val 2625279810 ecr 2484585847], length 55 38817% [1au] PTR? 102.31.2.10.in-addr.arpa. (53)
19:33:42.811500 IP 88.82.10.219.43881 > 192.175.48.6.53: Flags [S], seq 1012389357, win 29200, options [mss 1436,sackOK,TS val 2616911235 ecr 0,nop,wscale 8], length 0
19:33:42.811791 IP 88.82.13.26.45281 > 192.175.48.42.53: Flags [.], ack 547297471, win 115, options [nop,nop,TS val 2625275865 ecr 1837071328], length 0
19:33:42.811808 IP 88.82.10.218.46467 > 192.175.48.42.53: 19298 PTR? lb._dns-sd._udp.7.116.21.10.in-addr.arpa. (58)
19:33:42.811873 IP 88.82.13.58.48062 > 192.175.48.6.53: 38788% [1au] PTR? lb._dns-sd._udp.80.243.39.10.in-addr.arpa. (70)
19:33:42.811878 IP 88.82.13.10.42689 > 192.175.48.42.53: Flags [.], ack 500116249, win 119, options [nop,nop,TS val 2625279810 ecr 2038550542], length 0
19:33:42.812196 IP 88.82.10.219.41012 > 192.175.48.6.53: 26381% [1au] PTR? lb._dns-sd._udp.83.241.19.10.in-addr.arpa. (70)
19:33:42.812203 IP 88.82.13.10.42689 > 192.175.48.42.53: Flags [F.], seq 0, ack 1, win 119, options [nop,nop,TS val 2625279810 ecr 2038550542], length 0
19:33:42.812222 IP 88.82.13.26.45281 > 192.175.48.42.53: Flags [P.], seq 0:72, ack 1, win 115, options [nop,nop,TS val 2625275865 ecr 1837071328], length 72 21925% [1au] PTR? lb._dns-sd._udp.237.95.14.10.in-addr.arpa. (70)
19:33:42.812450 IP 88.82.13.10.38061 > 192.175.48.42.53: Flags [.], ack 1903258500, win 119, options [nop,nop,TS val 2625279810 ecr 3491999576], length 0
19:33:42.812459 IP 88.82.13.59.36361 > 192.175.48.6.53: Flags [.], ack 3710008644, win 115, options [nop,nop,TS val 2616913085 ecr 968827526], length 0
19:33:42.812472 IP 88.82.13.26.58583 > 192.175.48.6.53: Flags [.], ack 2580178843, win 119, options [nop,nop,TS val 2625275865 ecr 558694488], length 0
20 packets captured
22 packets received by filter
0 packets dropped by kernel
real 0m0.012s
user 0m0.000s
sys 0m0.010s
[root at as112 ~]#
Thanks,
--
Alarig
More information about the dns-operations
mailing list