What are the chances that three different hosts, in three different datacenters, all display these messages within seconds of each other?
Dec 31 11:24:28 zuul kernel: [zone: pf states] PF states limit reached
Dec 31 11:24:53 tallboy kernel: [zone: pf states] PF states limit reached
Dec 31 11:24:23 r720-02 kernel: [zone: pf states] PF states limit reached
The uptimes:
[dvl@r720-02:~] $ uptime
1:42PM up 62 days, 15:01, 2 users, load averages: 0.04, 0.12, 0.18
[13:42 tallboy dvl ~] % uptime
1:42PM up 62 days, 15:37, 2 users, load averages: 0.17, 0.37, 0.34
[13:42 zuul dan ~] % uptime
1:42PM up 62 days, 14:56, 2 users, load averages: 0.24, 0.25, 0.30
There was nothing in /var/log/messages although I did notice two previous instances:
Jul 19 09:12:15 r720-02 kernel: [zone: pf states] PF states limit reached
Aug 21 19:03:18 r720-02 kernel: [zone: pf states] PF states limit reached
Some stats:
[dvl@r720-02:~] $ sudo pfctl -sm
states         hard limit  100000
src-nodes      hard limit  10000
frags          hard limit  5000
table-entries  hard limit  200000
[dvl@r720-02:~] $ sudo pfctl -si
Status: Enabled for 62 days 15:04:45    Debug: Urgent
State Table          Total        Rate
  current entries    257
  searches           392521845    72.5/s
  inserts            50965649     9.4/s
  removals           50965392     9.4/s
Counters
  match              54713887     10.1/s
  bad-offset         0            0.0/s
  fragment           0            0.0/s
  short              0            0.0/s
  normalize          2550         0.0/s
  memory             100841       0.0/s
  bad-timestamp      0            0.0/s
  congestion         0            0.0/s
  ip-option          0            0.0/s
  proto-cksum        0            0.0/s
  state-mismatch     34039        0.0/s
  state-insert       0            0.0/s
  state-limit        0            0.0/s
  src-limit          0            0.0/s
  synproxy           29747        0.0/s
  map-failed         0            0.0/s
[13:53 tallboy dvl ~] % sudo pfctl -sm
states         hard limit  100000
src-nodes      hard limit  10000
frags          hard limit  5000
table-entries  hard limit  200000
[13:46 tallboy dvl ~] % sudo pfctl -si
Status: Enabled for 62 days 15:40:11    Debug: Urgent
Interface Stats for em1    IPv4           IPv6
  Bytes In                 7661652237     2108597213
  Bytes Out                39487669199    2606265609
  Packets In
    Passed                 45053680       26843386
    Blocked                16488566       19875
  Packets Out
    Passed                 349687         0
    Blocked                26895559       0
State Table          Total        Rate
  current entries    267
  searches           171697051    31.7/s
  inserts            43434545     8.0/s
  removals           43434280     8.0/s
Counters
  match              51922754     9.6/s
  bad-offset         0            0.0/s
  fragment           0            0.0/s
  short              2            0.0/s
  normalize          5000         0.0/s
  memory             50693        0.0/s
  bad-timestamp      0            0.0/s
  congestion         0            0.0/s
  ip-option          0            0.0/s
  proto-cksum        0            0.0/s
  state-mismatch     2424         0.0/s
  state-insert       2            0.0/s
  state-limit        0            0.0/s
  src-limit          0            0.0/s
  synproxy           8807874      1.6/s
  map-failed         0            0.0/s
[13:46 tallboy dvl ~] %
[13:53 zuul dan ~] % sudo pfctl -sm
states         hard limit  100000
src-nodes      hard limit  10000
frags          hard limit  5000
table-entries  hard limit  200000
[13:46 zuul dan ~] % sudo pfctl -si
Status: Enabled for 26 days 20:57:29    Debug: Urgent
Interface Stats for em0    IPv4            IPv6
  Bytes In                 16571527508     4029424289
  Bytes Out                152355480990    13882631827
  Packets In
    Passed                 131642916       52830727
    Blocked                11076985        507
  Packets Out
    Passed                 162661          0
    Blocked                52126563        0
State Table          Total        Rate
  current entries    656
  searches           442949861    190.8/s
  inserts            60655887     26.1/s
  removals           60655231     26.1/s
Counters
  match              72567486     31.3/s
  bad-offset         0            0.0/s
  fragment           3            0.0/s
  short              2            0.0/s
  normalize          6503         0.0/s
  memory             107579       0.0/s
  bad-timestamp      0            0.0/s
  congestion         0            0.0/s
  ip-option          0            0.0/s
  proto-cksum        0            0.0/s
  state-mismatch     65465        0.0/s
  state-insert       0            0.0/s
  state-limit        0            0.0/s
  src-limit          0            0.0/s
  synproxy           721766       0.3/s
  map-failed         0            0.0/s
[13:46 zuul dan ~] %
Metrics
Let’s look at LibreNMS and see what we’ve been able to record. First, let’s look at traffic on the main NIC. They all clearly have a spike at around that time (11:24).
OK, a huge bump in traffic might account for this. What application was this?
It was at this point that I realized the common connection: these hosts are all DNS servers.
I don’t have stats to show you for ns2 because my snmpd configuration was broken:
Dec 31 13:59:59 ns2 dvl[67979]: /usr/local/etc/rc.d/snmpd: WARNING: snmpd configuration file /usr/local/etc/snmpd.conf not readable by snmpd user
However, I do have logs for all hosts.
Looking at those logs, you can see by the rotations that a spike did come in at about that time:
[14:23 ns1 dvl /var/log/named] % ls -lt | head
total 61837
-rw-r--r-- 1 bind bind 1512192 2024.12.31 14:23 queries.log
-rw-r--r-- 1 bind bind 4840303 2024.12.31 14:20 general.log
-rw-r--r-- 1 bind bind 3991069 2024.12.31 14:19 default.log
-rw-r--r-- 1 bind bind 2164523 2024.12.31 14:19 security.log
-rw-r--r-- 1 bind bind 5242956 2024.12.31 13:33 queries.log.0
-rw-r--r-- 1 bind bind 5243079 2024.12.31 11:25 queries.log.1
-rw-r--r-- 1 bind bind 5242943 2024.12.31 11:25 queries.log.2
-rw-r--r-- 1 bind bind 42869 2024.12.31 05:58 xfer-out.log
-rw-r--r-- 1 bind bind 376493 2024.12.30 22:06 dnssec.log
[14:23 ns1 dvl /var/log/named] %
[14:23 ns2 dvl /var/log/named] % ls -lt | head
total 58357
-rw-r--r-- 1 bind bind 4041704 2024.12.31 14:23 queries.log
-rw-r--r-- 1 bind bind 457806 2024.12.31 14:21 general.log
-rw-r--r-- 1 bind bind 2099384 2024.12.31 13:28 default.log
-rw-r--r-- 1 bind bind 4572507 2024.12.31 13:28 security.log
-rw-r--r-- 1 bind bind 5243011 2024.12.31 12:18 queries.log.0
-rw-r--r-- 1 bind bind 5243030 2024.12.31 11:25 queries.log.1
-rw-r--r-- 1 bind bind 5242996 2024.12.31 11:25 queries.log.2
-rw-r--r-- 1 bind bind 218942 2024.12.31 05:41 xfer-out.log
-rw-r--r-- 1 bind bind 3400431 2024.12.31 01:26 lame-servers.log
[14:23 r720-02-ns3 dvl /var/log/named] % ls -lt | head
total 23311
-rw-r--r-- 1 bind bind 4809881 2024.12.31 14:23 queries.log
-rw-r--r-- 1 bind bind 2860634 2024.12.31 14:22 general.log
-rw-r--r-- 1 bind bind 1878118 2024.12.31 14:16 default.log
-rw-r--r-- 1 bind bind 5041088 2024.12.31 14:16 security.log
-rw-r--r-- 1 bind bind 5242941 2024.12.31 11:28 queries.log.0
-rw-r--r-- 1 bind bind 5242948 2024.12.31 11:25 queries.log.1
-rw-r--r-- 1 bind bind 5242947 2024.12.31 11:25 queries.log.2
-rw-r--r-- 1 bind bind 18579 2024.12.31 06:38 xfer-out.log
-rw-r--r-- 1 bind bind 706477 2024.12.30 19:56 dnssec.log
Log contents
Let’s have a look at the log contents, which have been slightly modified to deter scrapers.
[14:25 ns2 dvl /var/log/named] % less queries.log.1
(162.208.116.85) 31-Dec-2024 11:25:32.967 client @0x374a18416160 2a00:5881:8100:1000::3#34114 (zenuity.freshports.invalid): query: zenuity.freshports.invalid IN A -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.967 client @0x374a1674c160 162.158.89.110#42945 (ip-220.freshports.invalid): query: ip-220.freshports.invalid IN CNAME -E(0)D (162.208.116.85) 31-Dec-2024 11:25:32.967 client @0x374a17d3b160 2a01:cb04:2040:25::184#16132 (restful-api-design.freshports.invalid): query: restful-api-design.freshports.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.967 client @0x374a17d3b160 2400:cb00:446:1024::ac46:d1bb#60901 (www.cbbank.freshports.invalid): query: www.cbbank.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.968 client @0x374a1674c160 162.241.48.42#14709 (ejurnal.litbang.freshports.invalid): query: ejurnal.litbang.freshports.invalid IN CNAME -E(0)D (162.208.116.85) 31-Dec-2024 11:25:32.968 client @0x374a17d3b160 2a00:ab00:1000:1::2#41481 (bet365zenmejinbuqu.freshports.invalid): query: bet365zenmejinbuqu.freshports.invalid IN A -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.968 client @0x374a1674c160 172.253.255.53#46433 (tSUkinOrIrIka.blOg48.FreShpoRTs.invalid): query: tSUkinOrIrIka.blOg48.FreShpoRTs.invalid IN CNAME -E(0)DC (162.208.116.85) [ECS 194.183.168.0/24/0] 31-Dec-2024 11:25:32.968 client @0x374a18416160 2a01:cb04:2040:25::184#45983 (hk2lite.freshports.invalid): query: hk2lite.freshports.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.968 client @0x374a17d3b160 2400:cb00:619:1024::a29e:596d#55170 (philadelphia-heliumcomedy-com.freshports.invalid): query: philadelphia-heliumcomedy-com.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.968 client @0x374a1674c160 192.221.135.3#4756 (iNvestALl.FRESHports.invalid): query: iNvestALl.FRESHports.invalid IN CNAME -E(0)DC 
(162.208.116.85) 31-Dec-2024 11:25:32.969 client @0x374a1674c160 172.217.39.154#41293 (plANTs-Vs-ZombiES-2.Id.fResHpOrtS.invalid): query: plANTs-Vs-ZombiES-2.Id.fResHpOrtS.invalid IN CNAME -E(0)DC (162.208.116.85) [ECS 204.199.130.0/24/0] 31-Dec-2024 11:25:32.969 client @0x374a16647160 192.178.38.151#55544 (TeRrYTaNgyUan.fReShPorTS.invalid): query: TeRrYTaNgyUan.fReShPorTS.invalid IN CNAME -E(0)DC (162.208.116.85) [ECS 103.164.110.0/24/0] 31-Dec-2024 11:25:32.969 client @0x374a17d3b160 2404:6800:4005:c03::126#54490 (Serpiko.FreSHpORTS.invalid): query: Serpiko.FreSHpORTS.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) [ECS 103.242.58.0/24/0] 31-Dec-2024 11:25:32.969 client @0x374a18416160 2001:4ba8:104:1::1#37499 (aprendizagemvirtual.freshports.invalid): query: aprendizagemvirtual.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.970 client @0x374a18416160 2800:680:12:f::4#59961 (inen.freshports.invalid): query: inen.freshports.invalid IN CNAME -E(0) (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.970 client @0x374a17d3b160 2a00:1450:4010:c1e::12e#34436 (WWW.fOM.freShPORts.invalid): query: WWW.fOM.freShPORts.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) [ECS 141.8.180.0/24/0] 31-Dec-2024 11:25:32.970 client @0x374a18416160 2c0f:fb50:4001:5::122#54571 (bisheNGGUoJIyULECHenG.fREshpORTS.invalid): query: bisheNGGUoJIyULECHenG.fREshpORTS.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) [ECS 197.219.229.0/24/0] 31-Dec-2024 11:25:32.970 client @0x374a17d3b160 2404:6800:4000:1003::129#56225 (WWw.PRb.stATe.freshPOrts.invalid): query: WWw.PRb.stATe.freshPOrts.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) [ECS 103.146.84.0/24/0] 31-Dec-2024 11:25:32.971 client @0x374a17ddf160 192.221.135.9#18763 (HAEngbOKhaE.frESHpOrts.invalid): query: HAEngbOKhaE.frESHpOrts.invalid IN CNAME -E(0)DC (162.208.116.85) 31-Dec-2024 11:25:32.971 client @0x374a17d3b160 2c0f:fb50:4001:5::12c#38299 
(FINechifLatIroN.FReshpORts.invalid): query: FINechifLatIroN.FReshpORts.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) [ECS 105.243.213.0/24/0] 31-Dec-2024 11:25:32.971 client @0x374a17e2b160 2400:cb00:619:1024::a29e:596d#31640 (realtimeimages.freshports.invalid): query: realtimeimages.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.971 client @0x374a17ddf160 158.69.169.7#19756 (dlci.freshports.invalid): query: dlci.freshports.invalid IN A -E(0)DC (162.208.116.85) [ECS 51.79.99.0/24/0] 31-Dec-2024 11:25:32.971 client @0x374a17ddf160 8.0.22.134#29710 (drACARd.freShPOrTS.invalid): query: drACARd.freShPOrTS.invalid IN CNAME -E(0)DC (162.208.116.85) 31-Dec-2024 11:25:32.972 client @0x374a17ddf160 162.158.180.50#44367 (load-animation.freshports.invalid): query: load-animation.freshports.invalid IN CNAME -E(0)D (162.208.116.85) 31-Dec-2024 11:25:32.972 client @0x374a16647160 216.229.25.26#33147 (pitchanan12579.freshports.invalid): query: pitchanan12579.freshports.invalid IN CNAME -E(0)D (162.208.116.85) 31-Dec-2024 11:25:32.972 client @0x374a16647160 61.220.8.183#60399 (stat01.freshports.invalid): query: stat01.freshports.invalid IN CNAME -E(0)DC (162.208.116.85) 31-Dec-2024 11:25:32.973 client @0x374a17ddf160 211.229.63.144#54791 (nalsaenda.freshports.invalid): query: nalsaenda.freshports.invalid IN CNAME -E(0)DCV (162.208.116.85) 31-Dec-2024 11:25:32.973 client @0x374a18416160 2400:cb00:445:1024::ac46:cd2e#47297 (tianxiazuqiufengkuangdezuqiu.freshports.invalid): query: tianxiazuqiufengkuangdezuqiu.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.973 client @0x374a17e2b160 2001:ce8:0:170a::13#64341 (ip-71.freshports.invalid): query: ip-71.freshports.invalid IN CNAME -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.974 client @0x374a16647160 59.18.54.68#43364 (bengkelkelilingjogjakarta.freshports.invalid): query: bengkelkelilingjogjakarta.freshports.invalid IN 
CNAME -E(0)DCV (162.208.116.85) 31-Dec-2024 11:25:32.974 client @0x374a18416160 2400:cb00:619:1024::a29e:596e#56075 (wessner.freshports.invalid): query: wessner.freshports.invalid IN CNAME -E(0)D (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.975 client @0x374a16647160 172.217.34.21#50109 (FLaME1739.FreSHPORts.invalid): query: FLaME1739.FreSHPORts.invalid IN CNAME -E(0)DC (162.208.116.85) [ECS 195.3.204.0/24/0] 31-Dec-2024 11:25:32.975 client @0x374a17e2b160 2a04:e4c0:25::79#56195 (bleach.freshports.invalid): query: bleach.freshports.invalid IN NS -E(0)DC (2610:1c1:0:4:e6aa:8980:e324:a3e9) 31-Dec-2024 11:25:32.975 client @0x374a17ddf160 192.221.151.7#11632 (aad.fResHporTS.invalid): query: aad.fResHporTS.invalid IN CNAME -E(0)DC (162.208.116.85)
Lots of crap for non-existent hosts in freshports.org.
Nearly all the traffic was for freshports.org queries:
[14:23 ns1 dvl /var/log/named] % wc -l queries.log.1
27958 queries.log.1
[14:28 ns1 dvl /var/log/named] %
[14:28 ns1 dvl /var/log/named] % grep -ci freshports.org queries.log.1
27901
So, what next?
I could work on adding a fail2ban action for too many DNS queries. That won’t help. Most of the queries were from unique IP addresses, which were probably spoofed anyways. I’m also not sure of the objective.
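The per-source argument can be checked against the query log itself. This is an added example, not code from the original post: it parses BIND query-log lines in the format shown above and reports how many of a zone's queries a per-IP threshold (the fail2ban approach) would actually stop. The `summarize` function, the `example.org` zone and all sample lines and addresses are constructed for illustration.

```python
import re
from collections import Counter

# BIND query-log line: client [@0x...] ip#port (qname): query: qname IN qtype ...
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

def summarize(lines, zone, ban_threshold):
    """Per-source view of a query log: what would a per-IP ban stop?"""
    zone = zone.lower().rstrip(".")
    per_source, qnames, total = Counter(), set(), 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line
        total += 1
        # Resolvers randomise letter case in names, so compare lowercased.
        qname = m["qname"].lower().rstrip(".")
        if qname == zone or qname.endswith("." + zone):
            per_source[m["ip"]] += 1
            qnames.add(qname)
    banned = {ip: n for ip, n in per_source.items() if n >= ban_threshold}
    return {
        "total": total,
        "in_zone": sum(per_source.values()),
        "unique_sources": len(per_source),
        "unique_qnames": len(qnames),
        "max_per_source": max(per_source.values(), default=0),
        "banned_sources": sorted(banned),
        "queries_stopped_by_ban": sum(banned.values()),
    }

def _line(ip, qname, qtype="CNAME", tail=""):
    """Build one constructed log line in the format of the excerpt above."""
    return (f"31-Dec-2024 11:25:32.960 client @0x374a17d3b160 {ip}#40000 "
            f"({qname}): query: {qname} IN {qtype} -E(0)DC (192.0.2.53){tail}")

# Constructed sample: documentation addresses and made-up names only.
SAMPLE = [
    _line("192.0.2.10", "aAa1.ExAmPle.org"),
    _line("198.51.100.7", "bbb2.example.org", "A"),
    _line("2001:db8::26", "ccc3.example.org", tail=" [ECS 198.51.100.0/24/0]"),
    _line("203.0.113.5", "ddd4.example.org"),
    _line("192.0.2.10", "eee5.example.org", "A"),
    _line("2001:db8:1::5", "www.fff6.example.org"),
    _line("203.0.113.99", "www.example.net", "A"),
    "31-Dec-2024 11:25:33.000 general: info: constructed non-query line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, "example.org", ban_threshold=3))
```

When `unique_sources` is close to `in_zone` and `max_per_source` stays small, no per-IP threshold catches a meaningful share of the queries without also catching legitimate resolvers.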
One idea: remove the keep state and use no state instead (thanks to Daniel J. BBell). I think I’ll do that. Why keep state for DNS queries?