discuss AT lists.opennicproject.org
Subject: Discuss mailing list
- From: Dean Gardiner <fuzeman91 AT gmail.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Annoying DoS
- Date: Thu, 18 Oct 2012 10:05:02 +1300
Had a DoS to my inactive DNS server (damm UDP) ~10 hours ago but was for ripe.net. If these attacks continue happening monthly I might need to consider blocking all incoming traffic on port 53 at my ISP as these are becoming very disruptive to other services.
From memory the attack I got the source IP wasn't one of the IP Addresses you listed though. I posted a list of ~10 addresses that were involved in the last DDoS, wonder if this attack matches them? I assume this would be some kind of botnet so they could easily have changed addresses.
I know it was mentioned before on this list, but I can't remember if any
IP addresses were mentioned. Anyway, I was watching the logs the other
day and noticed one IP doing a lot of lookups for the same domain over
and over again (isc.org).
I thought nothing of it until I received a notice from the VPS supplier
that I had used over 80% of my traffic quota. I have never received that
message before so I investigated into what could be using so much
traffic. Sure enough, there was that IP address again, doing several
10's of lookups a second at least.
184.108.40.206 was doing the most, followed by 220.127.116.11, and then
I hope I haven't accidentally blocked the IP of an OpenNIC T1 testing
server, if I have, let me know. Otherwise, this is a heads up about a
possible DoS attempt which as it turned out, was highly annoying.
- [opennic-discuss] Annoying DoS, Martin C, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Martin C, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Dean Gardiner, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Brian Koontz, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, The Doctor, 10/18/2012
Archive powered by MHonArc 2.6.19.