Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Annoying DoS

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Annoying DoS

Chronological Thread 
  • From: Dean Gardiner <fuzeman91 AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] Annoying DoS
  • Date: Thu, 18 Oct 2012 10:05:02 +1300

Had a DoS to my inactive DNS server (damm UDP) ~10 hours ago but was for If these attacks continue happening monthly I might need to consider blocking all incoming traffic on port 53 at my ISP as these are becoming very disruptive to other services.

From memory the attack I got the source IP wasn't one of the IP Addresses you listed though. I posted a list of ~10 addresses that were involved in the last DDoS, wonder if this attack matches them? I assume this would be some kind of botnet so they could easily have changed addresses.

- Dean

On Oct 18, 2012 9:51 AM, "Martin C" <martin AT> wrote:
I know it was mentioned before on this list, but I can't remember if any
IP addresses were mentioned. Anyway, I was watching the logs the other
day and noticed one IP doing a lot of lookups for the same domain over
and over again (

I thought nothing of it until I received a notice from the VPS supplier
that I had used over 80% of my traffic quota. I have never received that
message before so I investigated into what could be using so much
traffic. Sure enough, there was that IP address again, doing several
10's of lookups a second at least. was doing the most, followed by, and then

I hope I haven't accidentally blocked the IP of an OpenNIC T1 testing
server, if I have, let me know. Otherwise, this is a heads up about a
possible DoS attempt which as it turned out, was highly annoying.

Martin C.

Archive powered by MHonArc 2.6.19.

Top of Page