Re: high volume from outside our networks question

The spoofed ip's are coming from the outside world as real legitimate IP's. They are not coming internally and then heading outwards. We have to allow port 53 traffic from the internet because we publish a dozen domains or so, and also cache for our customers. The question is why does the server re

Re: high volume from outside our networks question

gt; at your firewalls? > And, BTW, a lot of other must be stuff, like ports 135-139 ... > (but that's another story) > > Personally I reject spoofed IPs even without logging. > > > They are more then likely spoofed IP's and >> someone is using our servers to att

Re: high volume from outside our networks question

acl "trusted" { xxx.xxx.xxx.0/20; xxx.xxx.xxx.0/23; xxx.xxx.xxx.0/22; xx.xxx.xxx.0/23; xx.xxx.xxx.0/23; xx.xxx.xxx.0/23; x.xx.xxx.0/21; x.xx.xx.0/24; xxx.xxx.xxx.0/24; localhost; localnets; }; options { // Relative to the chroot director

high volume from outside our networks question

Currently our ISP's bind9 server is experiencing a lot of traffic. It looks like we are being used to attack ip addresses. We do have our own domains that host as well as resolving for our customers. I have an acl for our subnets and we allow-recursion and allow-query-cache for those subnets. The