nanog mailing list archives

RE: Tracking the DNS amplification attacks (was: isprime DOS in progress)
From: "Frank Bulk" <frnkblk () iname com>
Date: Sat, 24 Jan 2009 21:00:53 -0600

I would not recommend sucking in your dns log into an array; rather, read line
by line and iterate over the file, line by line.

Frank

-----Original Message-----
From: Brian Keefer [mailto:chort () smtps net] 
Sent: Saturday, January 24, 2009 6:50 PM
To: nanog () nanog org
Subject: Tracking the DNS amplification attacks (was: isprime DOS in
progress)

Caveat:  my PERL is _terrible_.

http://www.smtps.net/pub/dns-amp-watch.pl

This assumes you're using BIND.  My logs roll on the hour, so I run it  
from cron at 1 minute before the hour.  Depending on how long it takes  
to process your logs, you might need to tweak.

--
bk
CA cert:  http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
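
The line-by-line approach suggested in the reply, as an added example that is not part of either message and is not the dns-amp-watch.pl script: it streams a BIND query log and counts repeated queries per client, holding only the counters in memory. The log line format (BIND 9 `queries` category), the threshold value, and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not dns-amp-watch.pl): stream a BIND query log line by line
# and count identical queries per client without loading the file into memory.
use strict;
use warnings;

# Constructed sample in the assumed BIND 9 query-log format; the addresses are
# RFC 5737 documentation ranges, not real clients.
my $sample = <<'END';
24-Jan-2009 18:50:01.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
24-Jan-2009 18:50:01.102 queries: info: client 192.0.2.10#31337: query: . IN NS +
24-Jan-2009 18:50:01.350 queries: info: client 198.51.100.7#40112: query: www.example.com IN A +
24-Jan-2009 18:50:01.351 queries: info: client 192.0.2.10#31337: query: . IN NS +
24-Jan-2009 18:50:02.007 general: info: zone example.com/IN: loaded serial 2009012401
END

my $threshold = 3;    # hypothetical cut-off: report at this many identical queries

# Read the log named on the command line, else fall back to the sample above.
my $fh;
if (@ARGV) {
    open($fh, '<', $ARGV[0]) or die "cannot open $ARGV[0]: $!";
} else {
    open($fh, '<', \$sample) or die "cannot open sample: $!";
}

my %count;
# while (<$fh>) holds one line at a time; "my @lines = <$fh>" would pull the
# whole log into memory before any processing starts.
while (my $line = <$fh>) {
    # Skip lines that are not query records (other log categories, noise).
    next unless $line =~
        /client (?:\@\S+ )?([0-9A-Fa-f.:]+)#\d+.*?: query: (\S+) \S+ (\S+)/;
    my ($client, $qname, $qtype) = ($1, $2, $3);
    $count{"$client $qname $qtype"}++;
}
close($fh);

# Report repeated queries, busiest first; ties are ordered by key.
for my $key (sort { $count{$b} <=> $count{$a} || $a cmp $b } keys %count) {
    next if $count{$key} < $threshold;
    printf "%6d  %s\n", $count{$key}, $key;
}
```

Memory use grows with the number of distinct client/name/type combinations rather than with the size of the log, which is what matters when the sources are spoofed and the hourly file is large.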



