Is it DDOS attack?

Question

For three successive days, now, I'm having four or five unique servers' queries being denied by my csf firewall, which are renamed in the following extract I got from my log as "www.example1.com", "www.example2.com", "ns1.example3.com", "ns2.example3.com". My question is if I have to consider these as attacks? If so, do I need to worry about increasing my security measures in spite of the firewall blocking the queries?

Please note that similar IPs and ports are named with the same letters.

Jul 22 12:24:00 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=ZZZ.ZZZ.Z.ZZZ DST=25$
Jul 22 12:24:00 server named[xxxx]: client aaa.aa.aaa.a#aaaaa: query (cache) 'www.example1.com/A/IN' denied
Jul 22 12:24:00 server named[xxxx]: client aaa.aa.aaa.a#bbbbb: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:00 server named[xxxx]: client ccc.ccc.ccc.ccc#ddddd: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#eeeee: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#fffff: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#ggggg: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#hhhhh: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client iii.i.i.ii#jjjjj: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client iii.i.i.ii#jjjjj: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:04 server named[xxxx]: client kkk.kkk.kkk.kk#lllll: query (cache) 'www.example1.com/A/IN' denied
Jul 22 12:24:05 server named[xxxx]: client kkk.kkk.kkk.kk#mmmmm: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client nnn.nn.nnn.n#ooooo: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client ppp.pp.ppp.p#qqqqq: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client ppp.pp.ppp.p#rrrr: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client nnn.nn.nnn.n#sssss: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:07 server named[xxxx]: client ppp.pp.ppp.p#ttttt: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:07 server named[xxxx]: client ppp.pp.ppp.p#uuuuu: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:08 server named[xxxx]: client vv.vvv.vv.vvv#wwwww: query (cache) ‘www.example4.com/A/IN' denied
Jul 22 12:24:08 server named[xxxx]: client xx.xxx.xx.xx#yyyyy: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=xxx.xxx.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=xxxx PROTO=UDP SPT=17500 DPT=17500 LEN=111
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=xxx.xxx.xxx.xx DST=ZZZ.ZZZ.ZZZ.ZZZ LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=yyyy PROTO=UDP SPT=17500 DPT=17500 LEN=111
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=yyy.yyy.yyy.yyy DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=z DF PROTO=UDP SPT=5678 DPT=5678 LEN=95

Any ideas would be appreciated. Thanks

No one knows the answer to this one? – ajax20 Jul 23 '14 at 05:36 — ajax20, Jul 23 '14 at 05:36

Is it DDOS attack?

0 Answers0