

wazzab

84 posts

Master Geek


#33128 30-Apr-2009 15:55


The past couple of months our internet data usage has sky-rocketed. Our small business sits behind a Cisco ASA5510 firewall, and after lots of checks I've come to the conclusion that our firewall is being continually bombarded with DNS queries (port 53).

This is a sample of the continuous log stream we get:
4|Apr 28 2009|22:48:01|106023|216.239.34.10|53|210.54.xxx.xxx|46211|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46211 by access-group "outside_acl" [0x386cf24f, 0x0]

Monitoring our Internet Service it equates to 30Mb per hour continuously which is around 20Gb per month.

There are only a few IPs that are hitting us, and it doesn't seem random, just continuous. When I check the offending IPs they seem to end up back as various name servers - the above one is Google. Can anyone shed any light on why this would be happening and if anything can be done? It started in Dec, and as far as I'm aware nothing had changed to our systems.




mjb

996 posts

Ultimate Geek

Trusted

  #211041 30-Apr-2009 21:09

Something is specifying your IP address as a nameserver.

You'll need to capture the requests to discover what domain it is, and find out where in DNS it's pointing at your IP.

That's the most likely scenario.




contentsofsignaturemaysettleduringshipping




tonyhughes
Hawkes Bay
8476 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

  #211044 30-Apr-2009 21:22

Is changing your IP an option?

Doesn't fix the original issue, but will relieve all your symptoms!







mjb

996 posts

Ultimate Geek

Trusted

  #211045 30-Apr-2009 21:23

lol, good answer - I'm so used to having a static IP that I forget that 99% have a semi-dynamic IP :)




contentsofsignaturemaysettleduringshipping




Nety
2584 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

#211046 30-Apr-2009 21:26

lol maybe it is Telstra's DNS server... the transparent one that is not working properly...

http://www.geekzone.co.nz/forums.asp?ForumId=44&TopicId=29955







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

wazzab

84 posts

Master Geek


  #211135 1-May-2009 08:55

Thanks for that.

Changing IPs is not really an option. We have 10 IPs all set up starting with our router, then firewall, then progressing through the mail server, web server and various other apps servers. I will have to keep digging. We are using Telecom's CID (Corporate Internet Direct) service, which has been rock solid for the past 5 years without any drop-outs at all. Just annoying that our traffic has started increasing and blowing our data plans.

mjb

996 posts

Ultimate Geek

Trusted

  #211140 1-May-2009 09:34

Seriously, traffic capture time. That will usually end up being very enlightening.




contentsofsignaturemaysettleduringshipping


PenultimateHop
637 posts

Ultimate Geek

Trusted

  #212749 6-May-2009 07:13

Agree with a traffic capture; although the log output says to me you are receiving DNS responses from a server. It looks like you're sending DNS queries to those server(s) and then discarding the responses - I'd be checking all my PCs to see what they're sending out to the Internet. It's possible that someone is infected with a DNS based trojan/worm.
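
An added example, not part of any post in this thread: a Python tally over ASA 106023 deny lines in the pipe-delimited layout quoted in the first post. It separates packets shaped like DNS responses (source port 53 to a high port) from DNS queries (destination port 53), the distinction drawn in the post above. All sample lines except the first are constructed and the function names are illustrative.

```python
from collections import Counter

# Constructed sample: line 1 is the line quoted in the thread; the others are
# made up in the same pipe-delimited layout, using documentation addresses.
SAMPLE_LOG = """\
4|Apr 28 2009|22:48:01|106023|216.239.34.10|53|210.54.xxx.xxx|46211|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46211 by access-group "outside_acl" [0x386cf24f, 0x0]
4|Apr 28 2009|22:48:02|106023|216.239.34.10|53|210.54.xxx.xxx|46212|Deny udp src outside:216.239.34.10/53 dst inside:210.54.xxx.xxx/46212 by access-group "outside_acl" [0x0, 0x0]
4|Apr 28 2009|22:48:02|106023|192.0.2.53|53|210.54.xxx.xxx|51877|Deny udp src outside:192.0.2.53/53 dst inside:210.54.xxx.xxx/51877 by access-group "outside_acl" [0x0, 0x0]
4|Apr 28 2009|22:48:03|106023|198.51.100.7|40112|210.54.xxx.xxx|53|Deny udp src outside:198.51.100.7/40112 dst inside:210.54.xxx.xxx/53 by access-group "outside_acl" [0x0, 0x0]
this line is not in the expected format
"""


def parse_line(line):
    """Return (src, sport, dst, dport) for a 106023 deny line, else None."""
    parts = line.strip().split("|", 8)
    if len(parts) != 9 or parts[3] != "106023":
        return None
    try:
        return parts[4], int(parts[5]), parts[6], int(parts[7])
    except ValueError:  # non-numeric port field
        return None


def classify(sport, dport):
    """Label the denied packet by its port pattern."""
    if sport == 53 and dport >= 1024:
        return "dns-response"   # a server answering towards a client port
    if dport == 53:
        return "dns-query"      # someone asking us to act as a name server
    return "other"


def summarise(text):
    """Count denied packets per kind and per (source, kind)."""
    by_kind, by_source = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, sport, _dst, dport = rec
        kind = classify(sport, dport)
        by_kind[kind] += 1
        by_source[(src, kind)] += 1
    return by_kind, by_source


if __name__ == "__main__":
    kinds, sources = summarise(SAMPLE_LOG)
    print(dict(kinds))
    for (src, kind), n in sources.most_common():
        print(f"{n:4d}  {src:15s}  {kind}")
```
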

 
 
 

wazzab

84 posts

Master Geek


  #212767 6-May-2009 08:45

Thanks for your advice. After initially querying my provider 6 weeks ago about this and being told it appeared to be a problem beyond their control, I re-raised a ticket last week. Magically get a reply from them saying that, again, looks like nothing is wrong, but 10 mins prior to the email arriving all the DNS bombardment magically stopped. Bit too much of a coincidence if you ask me.
