discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Christopher <weblionx AT gmail.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Killed an IP due to excessive usage
- Date: Tue, 28 Dec 2010 23:01:10 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=XdsHzfS4krKoEzbMggj1/5TetsUK5qU9nRLH60Xkizgtn1Ps7x3ysj5vp20V7I4r8O jrMWhPnVW3/+aI0BBExH5iGq3ddFRk02Ghhwemk46g+WWXdNqr0bQC44BV1VA3lwVKTz y2MH2FA4n+kAhA/rpEaqbWe0MhNAvYiIT7RoQ=
- List-archive: <http://lists.darkdna.net/pipermail/discuss>
- List-id: <discuss.lists.opennicproject.org>
Have you tried adding a second rule for TCP connections? Usually
they're not used, but if it's some sort of botnet it may be configured
to try both to increase its chances of success. This would also cause
higher bandwidth usage. Of course, this assumes the server accepts TCP
connections.
On Tue, Dec 28, 2010 at 10:51 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
> iptables -A INPUT -p udp --dport 53 -m limit --limit 20/s --limit-burst 40
> -j DROP
...
> Now I say this rule 'should' limit traffic, because as I type this I am
> seeing another wave coming through from two IP's that prompted my blocks
> earlier today. Apparently the rule is not doing what I expect as my
> bandwidth jumped from about 10Kb/s to over 1800Kb/s (two IP addresses
> slamming me with about 16,000 queries in 3 minutes). So again, if someone
> else has more experience with iptables, I've love to see a proper rule for
> this situation.
- [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/24/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dean Gardiner, 12/24/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Günter Grodotzki, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Günter Grodotzki, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/25/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Christopher, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Larry Brower, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Larry Brower, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Julian De Marchi, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Jeff Taylor, 12/29/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Christopher, 12/28/2010
- Re: [opennic-discuss] Killed an IP due to excessive usage, Dean Gardiner, 12/24/2010
Archive powered by MHonArc 2.6.19.