discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Alex Hanselka <alex AT hanselka.name>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Dos attack?
- Date: Thu, 08 Mar 2012 17:26:45 -0600
Often times, people will scan IPv4 netblocks for open services (like
DNS) so that may be what happened here.
Otherwise, I don't know much how to help you. I generally have the
bandwidth to ignore such queries :)
On 3/8/2012 5:24 PM, Peter Green wrote:
> Hi,
>
> I am getting this line in my named log about once per second...
>
> "08-Mar-2012 23:10:30.885 client 212.227.135.196#80: query: isc.org IN
> ANY +ED (83.142.229.97)"
>
> It seems to be an extremely close match to the attack mentioned here...
> http://wiki.opennicproject.org/ddosBlock
>
> That script seems to be aimed at port 25345 where as my log seems to
> show port 80.
>
> Will Jeff's script help and if so, do I simply run it from crontab
> every second?
>
> I am concerned this may start to impact the websites I am hosting on
> that server.
>
> I have never added this server to the public list, and wonder why it's
> being targeted.
>
> I hope someone can help.
>
> Peter
- [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Alex Hanselka, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Maximi89, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Alex Hanselka, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Julian DeMarchi, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Julian DeMarchi, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Alex Hanselka, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Peter Green, 03/08/2012
- Re: [opennic-discuss] Dos attack?, Jeff Taylor, 03/09/2012
Archive powered by MHonArc 2.6.19.