Discuss mailing list

[mike <mike AT pikeaero.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for all the info Jeff, Yeah I'll temporarily turn logging back on
overnight here and try and get a picture of what's going on.

- --Mike

On 11-06-19 10:28 PM, Jeff Taylor wrote:
> We've had some small bits of discussion on IRC over the weekend regarding a 
> flood of MX queries that result in errors.  If you do any sort of logging 
> on 
> your server, see if you can pick out any trends.
> 
> One known issue to check for that might account for your sudden activity... 
> check to see if you have large blocks of DNS activity that all come in on 
> port 
> 25345 and are looking for isc.org.  If you are seeing this, someone is 
> trying to 
> use your server in an attempt to DDOS the creators of BIND (don't ask why, 
> nobody has been able to figure that out)... I have a bash script you can 
> run in 
> the background that will automatically add and expire iptables rules to 
> control 
> the flow, however it requires that you have a log file showing the 
> offending IP 
> addresses.  Send me an email or catch me on IRC if you need to use this.
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJN/ruQAAoJEEzVYN3s3Af76McH/2zfCQ+Za2AG+eNqGutIxSiI
YQUpexTsAtl0u2bTdHkI6gkgXsGWvzQJ+SRwHIEM6fn5WDLerQuZsZMG5GmAI000
bWXjalulRTUpw4esgBzgq8kL/jkSo4BCw3SxjMSYc0zIFperuuKmOUHjEAFWDfCa
0s01eL/rqq4d2f+vYLvUX5Roi4jZzgEmRs8EosNkHpE44b4DuvOAAVqtqAndxZcV
kngCUcAx0tlPz14CqeQSWl0zNuNdBtiQPiqdI7RKKUyBlfKXzgt8xVVbE2x/02oZ
qfwhtkxwwRdf5EUUtYDtpNDO+YakPD3D6J/lgajBNYlIvosZK9mOPwsWhIup5r4=
=vzeM
-----END PGP SIGNATURE-----