On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/
Wrong approach, they are *innocent* in this as are the new targets.
insert into your favourite acl:
deny udp host 220.127.116.11 neq 53 any eq 53
deny udp host 18.104.22.168 neq 53 any eq 53
But it's much less work to add a filter on the name server as others