Home page logo
/

nanog logo nanog mailing list archives

Re: isprime DOS in progress
From: Harald Koch <chk () pobox com>
Date: Wed, 21 Jan 2009 13:24:22 -0500

Graeme Fowler wrote:
On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:

I've been seeing a lot of noise from the latter two addresses after
switching on query logging (and finishing an application of Team Cymru's
excellent template) so I decided to DROP traffic from the addresses
(with source port != 53) at the hosts in question.

Well, blow me down if they didn't completely stop talking to me. Four
dropped packets each, and they've gone away.

I've seen that behaviour in the past, but not this time?

I've seen a few of these attacks bouncing off my nameservers recently, and when I add "DROP" rules to my firewall, the incoming traffic disappears soon after. But the most recent set (66.230.160.1 and 66.230.128.15) are still hammering away...

--
Harald



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault