Victor McAllisteer wrote:
>
> Matthew Schalit wrote:
> >
> > Victor McAllisteer wrote:
> > >
> > > This is some crazy method of geographic load balancing. A whole lot of
> > > boxes use TCP port 53 simultaneously to find out what part of the world.
> >
> > Victor, wouldn't the load balancing we've seen over the
> > last months that hits port 53 be SYN traffic? Why
> > are all his log entries referring to non-SYN traffic,
> > i.e. responses?
> >
> > Matthew
>
> There was a lot of list traffic back in May on the LRP list concerning this
> port 53 weirdness.

I remember it and read it, but the point of my question remains: the user
is certainly not starting tcp connections to all 600 of those computers,
so why would they all be *replying*? If the perpetrators of the load
balancing we've discussed are now crafting reply traffic to do this
balancing, that's what I'd like to know, because that would be mildly
unethical and something for which I'd have to tailor my firewall I wrote.

Thanks,
Matthew

> My understanding is that tcp port 53 to port 53 is usually
> a zone transfer. Leaf boxes running tiny DNS will not respond to tcp queries.
