Over the past couple of months our internet data usage has sky-rocketed. Our small business sits behind a Cisco ASA5510 firewall, and after lots of checks I've come to the conclusion that our firewall is being continually bombarded with DNS queries (port 53).
This is a sample of the continuous log stream we get:
4|Apr 28 2009|22:48:01|106023|216.239.34.10|53|210.54.xxx.xxx|46211|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46211 by access-group "outside_acl" [0x386cf24f, 0x0]
Monitoring our Internet service, it equates to 30Mb per hour continuously, which is around 20Gb per month.
There are only a few IPs that are hitting us, and it doesn't seem random, just continuous. When I check the offending IPs they seem to end up back as various name servers - the above one is Google. Can anyone shed any light on why this would be happening and if anything can be done? It started in Dec, and as far as I'm aware nothing had changed on our systems.
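An added example, not part of the original post: a small Python tally of ASA 106023 deny lines in the pipe-delimited layout shown above, counting denied UDP packets per outside source and separating packets sent from port 53 (shaped like DNS replies) from packets sent to port 53 (shaped like DNS queries). The first sample line is the one from the post; the other lines, the 192.0.2.x and 198.51.100.x addresses, and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Export layout used in the post:
# severity|date|time|message id|src ip|src port|dst ip|dst port|description
# First line is the sample from the post; the rest are constructed for this example.
SAMPLE_LOG = '''\
4|Apr 28 2009|22:48:01|106023|216.239.34.10|53|210.54.xxx.xxx|46211|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46211 by access-group "outside_acl" [0x386cf24f, 0x0]
4|Apr 28 2009|22:48:02|106023|216.239.34.10|53|210.54.xxx.xxx|46212|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46212 by access-group "outside_acl" [0x386cf24f, 0x0]
4|Apr 28 2009|22:48:02|106023|192.0.2.53|53|210.54.xxx.xxx|51877|Deny udp src outside:192.0.2.53/53 dst inside:210.54.xxx.xxx/51877 by access-group "outside_acl" [0x386cf24f, 0x0]
4|Apr 28 2009|22:48:03|106023|198.51.100.7|40000|210.54.xxx.xxx|53|Deny udp src outside:198.51.100.7/40000 dst inside:210.54.xxx.xxx/53 by access-group "outside_acl" [0x386cf24f, 0x0]
4|Apr 28 2009|22:48:04|106023|198.51.100.7|51000|210.54.xxx.xxx|445|Deny tcp src outside:198.51.100.7/51000 dst inside:210.54.xxx.xxx/445 by access-group "outside_acl" [0x386cf24f, 0x0]
truncated line without the expected fields
'''

# Matches the description field of a 106023 deny for a port-based protocol.
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src \w+:(?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[^/\s]+)/(?P<dport>\d+) by access-group"
)


def summarize_dns_denies(log_text):
    """Return (replies, queries): per-source counts of denied UDP port-53 packets."""
    replies, queries = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split("|", 8)
        if len(fields) != 9 or fields[3] != "106023":
            continue  # not a 106023 record in the expected layout
        m = DENY_RE.search(fields[8])
        if not m or m["proto"] != "udp":
            continue  # malformed description or not UDP
        if m["sport"] == "53":
            replies[m["src"]] += 1   # sent FROM port 53: reply-shaped
        elif m["dport"] == "53":
            queries[m["src"]] += 1   # sent TO port 53: query-shaped
    return replies, queries


if __name__ == "__main__":
    replies, queries = summarize_dns_denies(SAMPLE_LOG)
    print("reply-shaped denies by source:", replies.most_common())
    print("query-shaped denies by source:", queries.most_common())
```

Run against a full day's export, the per-source counts show whether the denied traffic is dominated by packets coming from port 53 on a handful of name servers, as in the sample line, or by packets aimed at port 53 on the inside address.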