[MOBY-l] I need a primer on how moby uses DNS
Chris Dagdigian
chris at bioteam.net
Thu Feb 22 18:35:09 UTC 2007
Hi folks,

portal.open-bio.org crashed today right around the time our intrusion
detection / firewall was reporting a massive "UDP Flood Attack"
against the server.

Looking at the actual logs, all the UDP traffic is originating from
port 53 on the remote IP addresses which is the standard port that
DNS queries go over.

Since all OBF DNS except for biomoby.org is outsourced to a third
party provider I'm wondering if our security tools are interpreting
some MOBY type action or service lookup as "UDP flood".

I'm looking for reasons/explanations as to why remote DNS servers
would be hammering us with UDP traffic. Any info on how MOBY clients
or services may be using DNS would be appreciated so I can see if
there is a correlation. Thanks!

Regards,
Chris
open-bio.org