Statistics

Recent Statistics

This page shows statistics for the previous month (May 2021).

Bad Clients

This shows IP addresses making repeated requests for the same FQDN (i.e. many times per minute).

There are two reasons a client might do this:

  • To cause a Denial of Service against the IP address shown in the Reverse DNS column (because the source (FROM) address in a DNS query is easily spoofed)
  • To attempt to overload the DNS server by making repeated requests

In both cases WinBIND protects against this by automatically adding a DENY rule to the Windows Firewall within a few minutes of detection. WinBIND removes the offending client from the firewall rule after a certain period of time, so the Occurrences column shows the number of times each IP address ended up on the blacklist again.

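| IP Address      | Occurrences | Reverse DNS                                   |
|-----------------|-------------|-----------------------------------------------|
| 117.27.239.45   | 7           | -                                             |
| 187.155.224.184 | 7           | dsl-187-155-224-184-dyn.prod-infinitum.com.mx |
| 5.252.35.165    | 7           | -                                             |
| 88.156.190.183  | 7           | 088156190183.wejherowo.vectranet.pl           |
| 94.158.148.33   | 7           | 527.854.soborka.net                           |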
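
The detection described above (one client repeating the same query many times per minute, then being listed again after its block expires) can be sketched as follows. This is an added example, not WinBIND's own code: the threshold, window and block duration are assumed values that the page does not give, and the log lines are constructed in BIND's query-log format using documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the page gives no numbers for "many times per minute"
# or for how long a client stays blocked.
THRESHOLD = 5                      # identical queries tolerated per window
WINDOW = timedelta(seconds=60)
BAN_TIME = timedelta(minutes=10)

LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)")

def find_bad_clients(lines):
    """Return {ip: occurrences}; occurrences = times the IP was (re)blocked.
    Lines must be in chronological order."""
    recent = defaultdict(deque)    # (ip, name, class, type) -> recent timestamps
    banned_until, occurrences = {}, defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue               # not a query-log line
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue               # the DENY rule would have dropped this packet
        q = recent[(ip, m["name"].lower(), m["cls"], m["type"])]
        q.append(ts)
        while ts - q[0] >= WINDOW:
            q.popleft()            # forget queries older than the window
        if len(q) > THRESHOLD:
            banned_until[ip] = ts + BAN_TIME
            occurrences[ip] += 1
            q.clear()
    return dict(occurrences)

def sample_log():
    """Constructed log lines, not real traffic."""
    t0 = datetime(2021, 5, 1, 10, 0, 0)
    fmt = ("{:%d-%b-%Y %H:%M:%S}.000 queries: info: "
           "client @0x7f00 {}#5353 ({}): query: {} IN {} +")
    ev = [(t0 + timedelta(seconds=2 * i), "192.0.2.10", "census.gov", "ANY") for i in range(20)]
    ev += [(t0 + timedelta(minutes=15, seconds=i), "192.0.2.10", "census.gov", "ANY") for i in range(10)]
    ev += [(t0 + timedelta(seconds=30 * i), "198.51.100.7", "play.google.com", "A") for i in range(6)]
    return [fmt.format(t, ip, n, n, qt) for t, ip, n, qt in sorted(ev)]

if __name__ == "__main__":
    for ip, count in find_bad_clients(sample_log()).items():
        print(f"{ip} blocked {count} time(s)")
```

The client that repeats the `census.gov` ANY query is blocked once, goes quiet behind the rule, and is blocked a second time when it resumes after the block has expired; the client asking for `play.google.com` every 30 seconds is never flagged.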

Bad Client Requests

This shows the most common requests made by each Bad Client (see above).

| Count     | Request type     | Request      | Likely Reason |
|-----------|------------------|--------------|---------------|
| 4,146,914 | ANY              | census.gov   | Results in a large amount of data being returned for a very small query |
| 22,513    | ANY              | .            | This is a query for the root name servers so again it results in a very large amount of data being returned in comparison to the query (a single dot) |
| 22,317    | ANY              | fb.com       | This redirects to facebook.com so I'm not sure of the purpose of this one. The query result is not particularly large so I'm not sure what is trying to be achieved here. |
| 8.323     | A                | sl           | Results in a large amount of data being returned for a very small query |
| 36        | CH (chaos) / TXT | version.bind | Attempts to get the version of BIND running on the server so that it can be attacked with known exploits |

Requests

These are the top 10 genuine requests once the Bad Client Requests have been removed (see table above).

| Count  | Request                         |
|--------|---------------------------------|
| 34,507 | a.root-servers.net              |
| 19,877 | play.google.com                 |
| 14,432 | outlook.office365.com           |
| 11,747 | v10.events.data.microsoft.com   |
| 9,797  | catalog.gamepass.com            |
| 8,010  | 147.206.188.5.in-addr.arpa      |
| 7,056  | aka.a.ms                        |
| 6,972  | settings-win.data.microsoft.com |
| 6,615  | cc-api-data.adobe.io            |
| 6,386  | ctldl.windowsupdate.com         |