Security Incidents: DoS attack... what to do?

DoS attack... what to do?

From: Nigel Kukard <nkukard_at_lbsd.net>
Date: Tue, 04 Jan 2005 19:41:19 +0000

Hi Guys,

Here is the situation...

I have a dedicated server at ISP X. About 1 week after I signed up for
the service I received a DoS attack against my DNS service... the attack
came from over 10,000 IP addresses and tried to resolve the following
domain names...

leet.nexhost.org
ns1.nexhost.org
ns2.nexhost.org
floop.m33pm33p.info
irc.k1hosting.net
b0tn3t.elite-coders.org

I thought I would be clever and changed root.cache on my named service
to resolve all DNS queries to 127.0.0.1; this seems to have worked for
about 1hr. Next I get even more attacks on port 5556, which I don't even
use and basically by default drop everything to that port.

I have sent off abuse reports for over 10,000 IPs, grouping them by ISP
and sending 1 email per ISP.....

What to do? I've got a constant 200Kbps of traffic, and it's kinda
bugging me...

Any help would greatly be appreciated. (btw, netsky.V uses port 5556)

Regards
Nigel Kukard
Received on Jan 04 2005
