nanog mailing list archives

Re: is your host or dhcp server sending dns dynamic updates for rfc1918?


From: Valdis.Kletnieks () vt edu
Date: Fri, 19 Apr 2002 09:39:06 -0400

On Fri, 19 Apr 2002 09:03:51 EDT, Greg Maxwell <gmaxwell () martin fl us>  said:

Does anyone already have a SNORT signature to match on these updates to
aid in tracking down which hosts behind a NAT are guilty for generating
this garbage?

The problem is that the sites that are the big offenders are probably not
the sort of sites that would run Snort.

Now, think about it - one /32 popped off *30K* of these in 4 hours -
and a 'dig -x' shows it to apparently be a DSL line.  So we're seeing
2 or 3 DHCP events *PER SECOND* behind that NAT.  Either they've got
a bunch of machines doing the Reboot Shuffle and have bigger problems,
or they're big enough that 2-3 DHCP per second is reasonable (at which
point you have to wonder how they're THAT big, and depending on a DSL
line.. ;)

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
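
Added example, not part of the original post or thread: one way to find which sources emit the updates discussed above, by matching DNS UPDATE requests (opcode 5, RFC 2136) whose zone section names an RFC 1918 reverse zone and counting them per source address. The function names, the `build_msg` helper and the sample packets are constructed for illustration; captured UDP port 53 payloads would be fed to `count_offenders` in practice.

```python
import struct
from collections import Counter
DNS_OPCODE_UPDATE = 5  # RFC 2136
# Reverse zones for 10/8, 192.168/16 and 172.16/12.
RFC1918_ZONES = (["10.in-addr.arpa", "168.192.in-addr.arpa"]
                 + [f"{n}.172.in-addr.arpa" for n in range(16, 32)])

def read_name(msg, off):
    """Read an uncompressed DNS name at off; None if malformed."""
    labels = []
    while off < len(msg):
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels).lower()
        if n & 0xC0 or off + n > len(msg):
            return None  # compression pointer or truncated label
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n
    return None  # ran off the end without a root label

def rfc1918_update_zone(msg):
    """Zone name if msg is an UPDATE request for an RFC 1918 reverse zone."""
    if len(msg) < 12:
        return None
    _id, flags, zocount = struct.unpack("!HHH", msg[:6])
    # QR bit must be 0 (request), opcode 5, exactly one zone entry.
    if flags >> 15 or (flags >> 11) & 0xF != DNS_OPCODE_UPDATE or zocount != 1:
        return None
    zone = read_name(msg, 12)
    hit = zone and any(zone == z or zone.endswith("." + z) for z in RFC1918_ZONES)
    return zone if hit else None

def count_offenders(packets):
    """packets: (src_ip, dns_payload) pairs; count matching updates per source."""
    return Counter(src for src, payload in packets if rfc1918_update_zone(payload))

def build_msg(opcode, zone):
    """Constructed test message: header plus zone section only (no update RRs)."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\0"
    return header + qname + struct.pack("!HH", 6, 1)  # ZTYPE=SOA, ZCLASS=IN

# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [("192.0.2.10", build_msg(5, "1.168.192.in-addr.arpa")),
          ("192.0.2.10", build_msg(5, "10.in-addr.arpa")),
          ("198.51.100.7", build_msg(5, "example.com")),
          ("198.51.100.7", build_msg(0, "5.1.168.192.in-addr.arpa")),
          ("203.0.113.5", build_msg(5, "32.172.in-addr.arpa"))]
```

Run on the inside of the NAT, the per-source counts identify the individual hosts; on the outside they only identify the translated address.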
