discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Annoying DoS

From: Brian Koontz <brian AT opennicproject.org>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] Annoying DoS
Date: Wed, 17 Oct 2012 18:47:47 -0500

On Thu, Oct 18, 2012 at 06:51:52AM +1000, Martin C wrote:
> I know it was mentioned before on this list, but I can't remember if any
> IP addresses were mentioned. Anyway, I was watching the logs the other
> day and noticed one IP doing a lot of lookups for the same domain over
> and over again (isc.org).

Martin, in addition to Jeff's excellent DDOS.pl script that Alex
mentioned, you might also try these iptables rules:

http://wiki.opennic.glue/IPTablesRulesToBlockDDOSTraffic

They have been very effective on a couple of servers (including mine)
in reducing server load. Of course, they do nothing for upstream
traffic that is still hammering your server, but at some point the ISP
has to take some responsibility for monitoring their own upstream
stuff.

--Brian

--
OpenNIC (the sequel) co-founder and wikimaster
IRC: Freenode.net channel #opennic

Attachment: pgpWI072nG0GZ.pgp
Description: PGP signature

[opennic-discuss] Annoying DoS, Martin C, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Martin C, 10/17/2012
  - Re: [opennic-discuss] Annoying DoS, Alex Hanselka, 10/17/2012
    - Re: [opennic-discuss] Annoying DoS, Dean Gardiner, 10/17/2012
      - Re: [opennic-discuss] Annoying DoS, Dean Gardiner, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Dean Gardiner, 10/17/2012
- Re: [opennic-discuss] Annoying DoS, Brian Koontz, 10/17/2012
  - Re: [opennic-discuss] Annoying DoS, Jeff Taylor, 10/18/2012
    - Re: [opennic-discuss] Annoying DoS, Bersl, 10/18/2012
- Re: [opennic-discuss] Annoying DoS, The Doctor, 10/18/2012