mailing list archives
Re: isprime DOS in progress
From: Harald Koch <chk () pobox com>
Date: Wed, 21 Jan 2009 13:24:22 -0500
Graeme Fowler wrote:
On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:
I've been seeing a lot of noise from the latter two addresses after
switching on query logging (and finishing an application of Team Cymru's
excellent template) so I decided to DROP traffic from the addresses
(with source port != 53) at the hosts in question.
Well, blow me down if they didn't completely stop talking to me. Four
dropped packets each, and they've gone away.
I've seen that behaviour in the past, but not this time?
I've seen a few of these attacks bouncing off my nameservers recently,
and when I add "DROP" rules to my firewall, the incoming traffic
disappears soon after. But the most recent set (22.214.171.124 and
126.96.36.199) are still hammering away...