Discuss mailing list

[Peter Green <peter AT greenpete.co.uk>]

As yet it doesn't seem to be adversely effecting the server, the load 
is
below 1 and bandwidth seems fine too, but I would like to implement 
something
like Jeff's script just so as to not let them walk all over my server! 
;-)

Certainly if Jeff or Julian can help, I will pass on anything I learn 
to
those that are interested.

Jeff, Julian, can you help please?

Peter

On Thu, 8 Mar 2012 21:13:10 -0300, Maximi89 wrote:

> 2012/3/8 Peter Green
>
> > Hi,
> >
> > I am getting this line in my named log about once per second...
> >
> > "08-Mar-2012 23:10:30.885 client 212.227.135.196#80: query: isc.org
> > [1] IN ANY +ED (83.142.229.97)"
> >
> > It seems to be an extremely close match to the attack mentioned
> > here...
> > http://wiki.opennicproject.org/ddosBlock [2]
> >
> > That script seems to be aimed at port 25345 where as my log seems to
> > show port 80.
> >
> > Will Jeff's script help and if so, do I simply run it from crontab
> > every second?
>
> As i know Jeff and Julian use this script, because time ago Julian
> suffered this attack... so he started to search a solution... because 
> the
> old script was not working... so Jeff have created this script who 
> help a
> lot giving a good solution... so i guess you should ask to Jeff or 
> Julian
> how this works, and then share us how it works :D
>
> > I am concerned this may start to impact the websites I am hosting on
> > that server.
> >
> > I have never added this server to the public list, and wonder why 
> > it's
> > being targeted.
> >
> > I hope someone can help.
> >
> > Peter
>
> --
> Maximiliano Augusto Castañón Araneda
> Santiago, Chile
> Linux user # 394821
>
> Skype: maximi89
> MSN: maximi89 AT gmail.com [4]
> XMPP/Jabber: maximi89 AT gmail.com [5]


Links:
------
[1] http://isc.org
[2] http://wiki.opennicproject.org/ddosBlock
[3] mailto:peter AT greenpete.co.uk
[4] mailto:maximi89 AT gmail.com
[5] mailto:maximi89 AT gmail.com