Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Dos attack?

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Dos attack?


Chronological Thread 
  • From: Peter Green <peter AT greenpete.co.uk>
  • To: <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Dos attack?
  • Date: Fri, 09 Mar 2012 00:31:41 +0000
  • Mail-reply-to: <peter AT greenpete.co.uk>

Yes, I am looking at the code now, but I have only rudimentary skills with
shell scripts so a little guidance would be gratefully received ;-)

If not, I will 'have a go'!

Peter

On Thu, 08 Mar 2012 18:28:46 -0600, Alex Hanselka wrote:

Julian doesn't use the script as far as I know, but Jeff wrote it. Other
than that you may have better luck reading the source code and editting
it to your needs :)

On 3/8/2012 6:25 PM, Peter Green wrote:

As yet it doesn't seem to be adversely effecting the server, the load
is below 1 and bandwidth seems fine too, but I would like to implement
something like Jeff's script just so as to not let them walk all over
my server! ;-) Certainly if Jeff or Julian can help, I will pass on
anything I learn to those that are interested. Jeff, Julian, can you
help please? Peter On Thu, 8 Mar 2012 21:13:10 -0300, Maximi89 wrote:

2012/3/8 Peter Green

Hi, I am getting this line in my named log about once per second...
"08-Mar-2012 23:10:30.885 client 212.227.135.196#80: query: isc.org
[1] IN ANY +ED (83.142.229.97)" It seems to be an extremely close
match to the attack mentioned here...
http://wiki.opennicproject.org/ddosBlock [1] [2] That script seems
to be aimed at port 25345 where as my log seems to show port 80.
Will Jeff's script help and if so, do I simply run it from crontab
every second?
As i know Jeff and Julian use this script, because time ago Julian
suffered this attack... so he started to search a solution... because
the old script was not working... so Jeff have created this script
who help a lot giving a good solution... so i guess you should ask to
Jeff or Julian how this works, and then share us how it works :D

I am concerned this may start to impact the websites I am hosting
on that server. I have never added this server to the public list,
and wonder why it's being targeted. I hope someone can help. Peter
-- Maximiliano Augusto Castañón Araneda Santiago, Chile Linux user
# 394821 Skype: maximi89 MSN: maximi89 AT gmail.com [2] [4] XMPP/Jabber:
maximi89 AT gmail.com [3] [5]
Links: ------ [1] http://isc.org [4] [2]
http://wiki.opennicproject.org/ddosBlock [5] [3]
mailto:peter AT greenpete.co.uk [6] [4] mailto:maximi89 AT gmail.com [7] [5]
mailto:maximi89 AT gmail.com [8]


Links:
------
[1] http://wiki.opennicproject.org/ddosBlock
[2] mailto:maximi89 AT gmail.com
[3] mailto:maximi89 AT gmail.com
[4] http://isc.org
[5] http://wiki.opennicproject.org/ddosBlock
[6] mailto:peter AT greenpete.co.uk
[7] mailto:maximi89 AT gmail.com
[8] mailto:maximi89 AT gmail.com



Archive powered by MHonArc 2.6.19.

Top of Page