Discuss mailing list

[Maximi89 <maximi89 AT gmail.com>]

2012/3/8 Peter Green <peter AT greenpete.co.uk>

Hi,

I am getting this line in my named log about once per second...

"08-Mar-2012 23:10:30.885 client 212.227.135.196#80: query: isc.org IN ANY +ED (83.142.229.97)"

It seems to be an extremely close match to the attack mentioned here...
http://wiki.opennicproject.org/ddosBlock

That script seems to be aimed at port 25345 where as my log seems to show port 80.

Will Jeff's script help and if so, do I simply run it from crontab every second?

As i know Jeff and Julian use this script, because time ago Julian suffered this attack... so he started to search a solution... because the old script was not working... so Jeff have created this script who help a lot giving a good solution... so i guess you should ask to Jeff or Julian how this  works, and then share us how it works :D

I am concerned this may start to impact the websites I am hosting on that server.

I have never added this server to the public list, and wonder why it's being targeted.

I hope someone can help.

Peter

-- 
Maximiliano Augusto Castañón Araneda
Santiago, Chile
Linux user # 394821

Skype: maximi89
MSN: maximi89 AT gmail.com
XMPP/Jabber: maximi89 AT gmail.com