RE: Tracking the DNS amplification attacks (was: isprime DOS in progress)
From: "Frank Bulk" <frnkblk () iname com>
Date: Sat, 24 Jan 2009 21:00:53 -0600
I would not recommend sucking in your DNS log into an array; rather, read line
by line and iterate over the file, line by line.
From: Brian Keefer [mailto:chort () smtps net]
Sent: Saturday, January 24, 2009 6:50 PM
To: nanog () nanog org
Subject: Tracking the DNS amplification attacks (was: isprime DOS in
Caveat: my PERL is _terrible_.
This assumes you're using BIND. My logs roll on the hour, so I run it
from cron at 1 minute before the hour. Depending on how long it takes
to process your logs, you might need to tweak.
CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
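An added example, not code from either poster: a line-by-line tally of a BIND query log, holding only the per-client counters in memory rather than the whole file. The log layout matched by the regex, the function names, the threshold and the sample lines are assumptions constructed for illustration.

```python
import io
import re
import sys
from collections import Counter

# Assumed BIND 9 query-log layout (not shown in the thread), e.g.
#   24-Jan-2009 18:00:01.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
# Newer releases add "@0x..." after "client" and "(name)" / "view x:" before "query:".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def tally_queries(lines):
    """Consume any iterable of log lines one at a time and count
    queries per (client IP, qname, qtype). Non-query lines are skipped."""
    counts = Counter()
    for line in lines:  # a file object yields one line per iteration
        m = QUERY_RE.search(line)
        if m:
            counts[(m["ip"], m["qname"].lower(), m["qtype"])] += 1
    return counts

def repeat_askers(counts, threshold):
    """Return (ip, qname, qtype, count) rows at or above threshold, busiest first."""
    rows = [(ip, qn, qt, n) for (ip, qn, qt), n in counts.items() if n >= threshold]
    return sorted(rows, key=lambda r: (-r[3], r[0], r[1], r[2]))

# Constructed sample input (documentation address ranges), not real log data.
SAMPLE_LOG = """\
24-Jan-2009 18:00:01.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
24-Jan-2009 18:00:01.102 queries: info: client 192.0.2.10#31338: query: . IN NS +
24-Jan-2009 18:00:01.250 queries: info: client 198.51.100.7#53124: query: www.example.com IN A +
24-Jan-2009 18:00:02.003 queries: info: client 192.0.2.10#31339: query: . IN NS +
24-Jan-2009 18:00:02.400 general: info: zone example.com/IN: loaded serial 2009012401
"""

if __name__ == "__main__":
    # With a path argument, stream that file; otherwise use the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            counts = tally_queries(fh)
    else:
        counts = tally_queries(io.StringIO(SAMPLE_LOG))
    for ip, qname, qtype, n in repeat_askers(counts, threshold=2):
        print(f"{n:8d}  {ip}  {qname} {qtype}")
```
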