
[opennic-discuss] Update to ddos.pl


  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: OpenNIC discussion <discuss AT lists.opennicproject.org>
  • Subject: [opennic-discuss] Update to ddos.pl
  • Date: Thu, 24 May 2012 13:54:35 -0600

I have released an update to ddos.pl which is admittedly a hack, but for
now will resolve a long-term issue with the program. The new update
will reload the data from the block file at the start of every hour,
ensuring that no IPs remain blocked indefinitely.

http://wiki.opennic.glue/ddosDotPl

The problem stems from some IP data being dropped from the array before
it has been removed from iptables. To properly fix this issue, I need
to do a more thorough code review. The update given above will simply
reload data every hour, so if any IPs have been dropped without cleaning
up either iptables or the block file, those entries will be immediately
expired and removed. For continuous operation, this should ensure that
the program cleans up after itself.

For those who are new to OpenNic and not familiar with this code, this
is something that Tier-2 operators will want to consider. Because
OpenNic runs public DNS servers, we are a prime target for abuse by
spammers and botnets. This program originated as a method of blocking
outright DDOS attacks (thus the name), but is continually evolving to
try and prevent abuse of our servers without affecting legitimate
internet users. If you have any questions about its use, feel free to
ask me through email or on IRC (Shdwdrgn).
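The failure mode described above (an address dropped from the program's in-memory array while its firewall rule and block-file line are left behind) and the hourly reload that papers over it are illustrated by the following Python sketch. This is an added example, not the ddos.pl code: the block-file format (`<ip> <unix-time-blocked>` per line), the one-hour block duration, the sample addresses and timestamps, and the `FakeFirewall` stand-in for iptables are all constructed for the demonstration.

```python
"""Hourly reconciliation of a DNS-server block list against a firewall.

Constructed example, not the ddos.pl script.  The in-memory table, the
on-disk block file and the firewall rules are three copies of one piece
of state; if an entry is dropped from one copy before the others are
cleaned up, the address can stay blocked indefinitely.  Reloading from
the block file on a schedule and expiring everything past its deadline
brings the copies back into agreement.
"""

BLOCK_DURATION = 3600  # seconds an address stays blocked (assumed value)

# Constructed block file: "<ip> <unix-time-blocked>" per line (assumed format).
SAMPLE_BLOCK_FILE = """\
192.0.2.10 1337880000
198.51.100.7 1337885000
203.0.113.42 1337870000
"""


class FakeFirewall:
    """Stand-in for iptables so the example runs offline; it only records rules."""

    def __init__(self):
        self.rules = set()

    def block(self, ip):
        self.rules.add(ip)

    def unblock(self, ip):
        # discard() is a no-op when the rule is already gone, so cleanup is idempotent
        self.rules.discard(ip)


def parse_block_file(text):
    """Return {ip: time_blocked} from block file text, skipping malformed lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or damaged line: skip rather than crash the daemon
        ip, when = parts
        try:
            table[ip] = int(when)
        except ValueError:
            continue
    return table


def render_block_file(table):
    """Serialise the table back into block file text, one entry per line."""
    return "".join(f"{ip} {when}\n" for ip, when in sorted(table.items()))


def reconcile(block_file_text, firewall, now, duration=BLOCK_DURATION):
    """Reload the block file, expire stale entries, return (expired_ips, new_file_text).

    Every address in the file whose block duration has elapsed is removed
    from the firewall and from the file in one pass, whether or not the
    running program's in-memory table still knew about it.
    """
    table = parse_block_file(block_file_text)
    expired = sorted(ip for ip, when in table.items() if now - when >= duration)
    for ip in expired:
        firewall.unblock(ip)
        del table[ip]
    return expired, render_block_file(table)


def demonstrate_drift(now=1337887200):
    """Reproduce the drift and show the hourly reload clearing it (constructed scenario)."""
    fw = FakeFirewall()
    for ip in parse_block_file(SAMPLE_BLOCK_FILE):
        fw.block(ip)
    in_memory = parse_block_file(SAMPLE_BLOCK_FILE)
    # The fault: an entry vanishes from the program's array while its
    # firewall rule and block file line stay behind.
    in_memory.pop("203.0.113.42")
    orphaned_before = sorted(fw.rules - set(in_memory))
    # The fix: at the top of the hour, rebuild state from the file and expire.
    expired, new_file = reconcile(SAMPLE_BLOCK_FILE, fw, now)
    return orphaned_before, expired, sorted(fw.rules), new_file


if __name__ == "__main__":
    orphaned, expired, remaining, new_file = demonstrate_drift()
    print("orphaned rules before reload:", orphaned)
    print("expired on reload:", expired)
    print("rules still in firewall:", remaining)
    print("block file after reload:\n" + new_file)
```

In the scenario, `203.0.113.42` is the orphaned rule the in-memory table has forgotten; the reload finds it in the block file, sees it is well past its hour, and removes it from both the firewall and the file along with the other expired entry, leaving only the address that is still legitimately blocked.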