Home page logo
/

nanog logo nanog mailing list archives

Are we really this helpless? (Re: isprime DOS in progress)
From: Seth Mattinen <sethm () rollernet us>
Date: Fri, 23 Jan 2009 18:05:43 -0800

Noel Butler wrote:
On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:

We [AS3491] null0'd the IP earlier.  Rest-of-world encouraged to do the same :/




Wrong approach, they are *innocent* in this as are the new targets.

insert into your favourite acl:
deny udp host 66.230.160.1 neq 53 any eq 53
deny udp host 66.230.128.15 neq 53 any eq 53

But it's much less work to add a filter on the name server as others
have mentioned.




Having the world trying to keep up with ACL entries seems futile. Is there really nothing to be done about this? (Yes, I know, BCP38, but obviously the accomplice providers don't care.)

~Seth


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]